curl security vulnerability
curl is an open-source tool developed by cURL for transferring data from a server or to a server. Curl has a security vulnerability that stems from an error in proxy credential transmission, which may lead to the incorrect transmission of credentials from one proxy to another...
SUSE CVE-2026-43466
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery. In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqsq_cc_pc resets dma_fifo_cc to 0 but not dma_fifo_pc, desyncing the DMA FIFO producer and consumer. After...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC to avoid data-races. syzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error concurrently. This is because sit tunnels are NETIF_F_LLTX, meaning their ndo_start_xmit is not protected by a...
CVE-2022-50186
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix missing skb drop on htc_tx_completion error. On htc_tx_completion error the skb is not dropped. This is wrong since the completion_handler logic expects the skb to be consumed anyway even when an error is triggered. Not...
CVE-2022-50004
CVE-2022-50004 is a Linux kernel vulnerability in the xfrm policy path. A null pointer dereference can occur when transmitting an skb with metadata_dst where dst->dev is NULL, through the xfrm interface, due to a missing null check in xfrmi_xmit/xfrm_lookup_with_ifid. The impact is kernel cras...
CVE-2022-50004 xfrm: policy: fix metadata dst->dev xmit null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference. When we try to transmit an skb with metadata_dst attached (i.e. dst->dev == NULL) through xfrm interface we can hit a null pointer dereference[1] in xfrmi_xmit[2] -...
PT-2025-33806
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the bpf and ktls subsystems. A data corruption issue occurs when using bpf_msg_pop_data in ktls. Specifically, the ciphertext length is not...
Linux Distros Unpatched Vulnerability : CVE-2024-38538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: bridge: xmit: make sure we have at least eth header len bytes. syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short less...
CVE-2024-53236
In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later...
CVE-2024-33069
CVE-2024-33069 is a Qualcomm WLAN-host vulnerability described in PT-2024-25106 as a use-after-free in lim_tx_mgmt_frame() that leads to a transient Denial of Service when a management frame transmission fails. Affected software is Qualcomm Snapdragon Auto WLAN components (details not fully speci...