EulerOS 2.0 SP13 : libsodium (EulerOS-SA-2026-1248)

According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint,...

libsodium 安全漏洞

libsodium is a cryptographic software library from the individual developer Frank Denis. A security vulnerability exists in previous versions of libsodium ad3004e, which stems from mishandling of elliptic curve point validity checking, which may allow points that are not part of the main crypto...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper locking and insufficient validity checking, which could lead to a race condition...

CVE-2025-68353

In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlanxmitone Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlanxmitone, e.g. if the iface is brought down. This can lead to the following NULL dereference: BUG: kernel NULL...

EUVD-2021-15879

Malware in sbrugna...

EUVD-2024-39309

Malicious code in bioql PyPI...

EUVD-2023-49611

Malicious code in bioql PyPI...

CVE-2022-50205

The CVE-2022-50205 entry corresponds to a Linux kernel vulnerability in ext2 that adds validity checks for inode counts. The root cause is that inodes stored in the superblock must match the computed value from inodes-per-group, and there must be at least one block worth of inodes per group; thes...

CVE-2022-50205 ext2: Add more validity checks for inode counts

In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matches the number computed from number of inodes per group. Also verify we have at least one block worth of inodes pe...

PT-2025-18464 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the function dpu plane virtual atomic check in the Linux kernel, which was dereferencing pointers returned by drm atomic get plane state without checking for...

CVE-2024-41987

The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...

CVE-2023-52804 fs/jfs: Add validity check for db_maxag and db_agpref

In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for dbmaxag and dbagpref Both dbmaxag and dbagpref are used as the index of the dbagfree array, but there is currently no validity check for dbmaxag and dbagpref, which can lead to errors. The following...

Monero: Transactions in invalid blocks are kept in tx-pool without undergoing certain checks.

The transactions in invalid blocks were kept in the tx-pool without undergoing certain checks. When adding blocks to the blockchain, monerod first added the transactions to the tx pool with relaymethod::block, which allowed the tx-pool to skip certain checks like fee and extra field size. However...

ALSA-2023:6738 Moderate: java-21-openjdk security and bug fix update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

PT-2023-22109 · Ox Software Gmbh +1 · Ox App Suite +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Documents operations, specifically "drawing", could be manipulated to contain invalid data types, possibly script code. This script code could be inject...

CVE-2023-46663

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests...

CVE-2023-46663 Improper Access Control in Sielco PolyEco1000

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests...

CVE-2023-45317

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site...

Code injection

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site...

CVE-2023-45317

CVE-2023-45317 concerns Sielco Radio Link and Analog FM Transmitters. The issue is a Cross-Site Request Forgery where HTTP requests may be accepted without proper validation, potentially allowing an authenticated user to perform administrative actions by visiting a malicious site. The affected pr...