15 matches found
Astra Linux - уязвимость в linux
The bpf verifier in the Linux kernel failed to properly handle truncation of the mod32 destination register when the source register was known to be 0. A local attacker who had the ability to load bpf programs could exploit this vulnerability by performing out-of-bounds reads in kernel memory,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001459)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001459 advisory. The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with...
DEBIAN-CVE-2013-1424
Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787...
Fedora: Security Advisory (FEDORA-2025-3e178bb819)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-6387
A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...
CVE-2021-47058 regmap: set debugfs_name to NULL after it is freed
In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfsname to NULL after it is freed There is a upstream commit cffa4b2122f5"regmap:debugfs: Fix a memory leak when calling regmapattachdev" that adds a if condition when create name for debugfsname. With below...
DEBIAN-CVE-2023-4622
A use-after-free vulnerability in the Linux kernel's afunix component can be exploited to achieve local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unixstreamsendpage could...
CVE-2023-35789
An issue was discovered in the C AMQP client library aka rabbitmq-c through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line e.g., for amqp-publish or amqp-consume and are thus visible to local attackers by listing a process and its arguments...
CVE-2023-33595
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...
CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption...
CVE-2019-19076
A memory leak in the nfpabmu32knodereplace function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service memory consumption, aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit...
CVE-2019-19076
A memory leak in the nfpabmu32knodereplace function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service memory consumption, aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit...
CVE-2017-18201
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in getcdtextgeneric in lib/driver/cdiogeneric.c...
p5-Mojolicious -- cookie-handling vulnerability
Upstream commit: Vulnerabilities existed in cookie handling...
Debian DLA-74-1 : ppp security update
This updates fixes a potential integer overflow in option parsing. A user in the group 'dip' could provide a specially crafted configuration file of more than 2G and generate an integer overflow. This may enable an attacker to overwrite the heap and thereby corrupt security-relevant variables. Se...