16 matches found
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrmallocspi shouldn't use 0 as SPI x-id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 "xfrm: Duplicate SPI Handling", we now create states and add them to the byspi list with this value. xfrmstatedelete...
CVE-2025-39965
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrmallocspi shouldn't use 0 as SPI x-id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 "xfrm: Duplicate SPI Handling", we now create states and add them to the byspi list with this value. xfrmstatedelete...
EUVD-2025-26182
Malicious code in bioql PyPI...
CVE-2025-39875 igb: Fix NULL pointer dereference in ethtool loopback test
In the Linux kernel, the following vulnerability has been resolved: igb: Fix NULL pointer dereference in ethtool loopback test The igb driver currently causes a NULL pointer dereference when executing the ethtool loopback test. This occurs because there is no associated qvector for the test ring...
PT-2025-39132
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The igb driver experiences a NULL pointer dereference during the ethtool loopback test. This occurs because the test ring lacks an associated q vector when set up, specifically due to...
CVE-2025-40709
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40703
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40709 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40703 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40703 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
PT-2025-35208
Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0 Description: A Cross-Site Scripting XSS issue exists due to inadequate validation of user input when a POST request is sent. This could allow a remote user to send specially crafted queries to an authenticated user and...
CVE-2021-30203
A reflected cross-site scripting XSS vulnerability in the zero parameter of dzzoffice 2.02.1SCUTF8 allows attackers to execute arbitrary web scripts or HTML...
H03: do use default zero to check account exist.
Lines of code Vulnerability details MIMOProxyRegistry.sol, deployFor function deployForaddress owner public override returns IMIMOProxy proxy IMIMOProxy currentProxy = currentProxiesowner; // Do not deploy if the proxy already exists and the owner is the same. if addresscurrentProxy != address0 &...
kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...
DEBIAN-CVE-2016-3623
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service divide-by-zero by setting the 1 v or 2 h parameter to 0...
DEBIAN-CVE-2009-4605
scripts/setup.php aka the setup script in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the 1 configuration and 2 v0 parameters, which might allow remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...