10 matches found
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid timing-related checks for WARN_ON. The soft/batadv interface for a queued OGM can be modified during the time when the OGM is queued for transmission, as well as when the OGM is actually transmitted by the worker...
SUSE-SU-2026:1641-1 Security update for dovecot22
This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...
openDCIM 25.01 SQL Injection / Remote Code Execution
openDCIM version 25.01 remote SQL injection exploit that achieves remote code execution. Title: openDCIM 25.01 SQL Injection Leading to Remote Code Execution ...
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
Summary: A sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Details: Even though the key used in property accesses (b in the code below) is annotated as string, this is never enforced:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987022)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987022 advisory. In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks. The soft/batadv interface for a queued OGM can be...
basic-auth-connect security vulnerability
basic-auth-connect is an open source Express.js basic authentication middleware for Node and Connect. A security vulnerability exists in basic-auth-connect versions prior to 1.1.0, which stems from the use of timing-unsafe equality comparisons, which can leak timing information...
SUSE CVE-2021-47252
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks. The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARN_ON must ...
Bidder Can Retrieve Bid Amount Twice in claimAuction
Impact: This vulnerability enables a bidder to recover their bid amount twice during the execution of the claimAuction function. Proof of Concept: A race condition between the claimAuction and cancelBid functions allows a non-winning bidder to claim their bid...
GSD-2021-1001053 batman-adv: Avoid WARN_ON timing related checks
batman-adv: Avoid WARN_ON timing related checks. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
UVI-2021-1000914 batman-adv: Avoid WARN_ON timing related checks
batman-adv: Avoid WARN_ON timing related checks. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.128 by commit...