
12 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed the memory leak in reset_method_store(). In reset_method_store(), a string is allocated via kstrndup() and assigned to the local variable "options". Then, options is used with strsep() to find spaces: while ((name = strsep(&options,...

CVSS 5.5, AI score 6.3, EPSS 0.00022
Exploits: 0, References: 2
EUVD
added 2026/05/05 6:33 p.m., 1 view

EUVD-2026-27378

In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named '__copy_user_nocache' function. This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...

AI score 5.7, EPSS 0.00015
Exploits: 0, References: 6
ATTACKERKB
added 2026/04/22 4:9 p.m., 2 views

CVE-2026-35379

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing the...

CVSS 3.3, AI score 5.7, EPSS 0.00015
Exploits: 1, References: 3
OSV
added 2026/04/07 9:17 p.m., 0 views

DEBIAN-CVE-2026-34080

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...

CVSS 5.5, AI score 5.4, EPSS 0.00008
Exploits: 0, References: 1
RedHat Linux
added 2024/08/08 4:44 a.m., 2 views

kernel: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets. TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by zero in...

CVSS 5.5, AI score 6.7, EPSS 0.00012
Exploits: 0, References: 5
OSV
added 2023/07/20 8:46 p.m., 4 views

CLSA-2023-1689885970 Fix CVE(s): CVE-2023-24329

SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: Start stripping C0 control and space chars in urlsplit - CVE-2023-24329...

CVSS 7.5, AI score 7, EPSS 0.01445
Exploits: 3, References: 1
OSV
added 2023/06/22 9:32 p.m., 2 views

CLSA-2023-1687469528 Fix CVE(s): CVE-2023-24329

SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in urlsplit - CVE-2023-24329...

CVSS 7.5, AI score 7, EPSS 0.01445
Exploits: 3, References: 1
CNNVD
added 2022/05/31 12:0 a.m., 1 view

Mozilla Thunderbird trust management issue vulnerability

Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird versions 91.0 throug...

CVSS 6.5, AI score 7.6, EPSS 0.00133
Exploits: 0, References: 16
OSV
added 2021/07/26 3:15 p.m., 2 views

CVE-2021-33629

isula-build before 0.9.5-6 can cause a program crash when building container images: some functions for processing external data do not remove spaces when processing data...

CVSS 7.5, AI score 5.8, EPSS 0.00389
Exploits: 0, References: 1
PyPA
added 2014/01/21 4:6 p.m., 6 views

PYSEC-2014-64

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to...

CVSS 5.8, AI score 6.9, EPSS 0.05344
Exploits: 1, References: 5, Affected Software: 1
Tenable Nessus
added 2008/04/11 12:0 a.m., 22 views

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : ghostscript, gs-esp, gs-gpl vulnerability (USN-599-1)

Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the...

CVSS 6.8, AI score 6.3, EPSS 0.15307
Exploits: 1, References: 2
Tenable Nessus
added 2008/02/28 12:0 a.m., 25 views

Debian DSA-1510-1 : ghostscript - buffer overflow

Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file.

CVSS 6.8, AI score 6.2, EPSS 0.15307
Exploits: 1, References: 2