2018 matches found
CVE-2026-12786
The CVE-2026-12786 entry concerns Ezbsystems UltraISO Premium Edition up to version 9.76. It targets an issue in the kernel driver component bootpt64.sys where an unknown functionality allows improper access controls. The attack requires local access, and the exploit has been publicly disclosed. ...
CVE-2026-12786 Ezbsystems UltraISO Premium Edition Kernel Driver bootpt64.sys access control
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack...
EUVD-2026-38150
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack...
CVE-2026-12786
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack...
CVE-2026-12778
A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...
CVE-2026-12779 AOMEI Dynamic Disk Manager Kernel Driver ddmdrv.sys access control
A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...
CVE-2026-12778 AOMEI Partition Assistant Kernel Driver ampa10.sys access control
A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...
CVE-2026-12778
The CVE-2026-12778 entry concerns AOMEI Partition Assistant up to version 10.10.1, specifically the kernel driver library ampa10.sys. The vulnerability is described as an improper access control issue in a kernel component, exploitable via a local attack. The description indicates that the exploi...
GHSA-MWR2-WMGP-CRJ6 OpenBao's System Backend allows Unauthorized Management of the containing Namespace
Summary A user that is granted namespace management /sys/namespaces capabilities within a non-root namespace "the victim namespace" can abuse special handling of the literal path "root" in namespace path canonicalization to manage the victim namespace itself. Details Several endpoints under...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. File system bugs due to corrupted images are not considered a CVE for any filesystem that can only be mounted with CAPSYSADMIN in the initial user namespace. This includes delegated mounting...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: pps: Fixed a use-after-free On a board running with ntpd and gpsd, I’m encountering a consistent use-after-free in sysexit from gpsd during reboots: pps pps1: Removed ----------- - Cut here----------- kobject: "null"...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sysrtas. Smatch warns: arch/powerpc/kernel/rtas.c:1932 dosysrtas warning: potential Spectre issue with ‘args args’ r local limit The ‘nargs’ and ‘nret’ locals originate from...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...
kernel: Buffer overflow in drivers/xen/sys-hypervisor.c
A flaw was found in the Linux kernel. A buffer overflow vulnerability exists in the Xen hypervisor driver drivers/xen/sys-hypervisor.c. This flaw occurs because the HYPERVISORxenversionXENVERbuildid function returns a build ID that is not properly null-terminated. When the buildidshow function...
CVE-2026-12003
To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...
EUVD-2026-37125
To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...
CVE-2026-12217
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...
CVE-2026-12217 DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sysregistry...
Vulnerabilities in Microsoft Windows
Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...