Lucene search
K

13286 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in ofono

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

7.8CVSS7.7AI score0.00292EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in ofono

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The...

7.8CVSS7.7AI score0.00294EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function does not properly deactivate filters in the case of a perfect hash; moreover, it deactivates the underlying structure during...

7.8CVSS6.7AI score0.01029EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Ceph

A privilege escalation flaw was discovered in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root through a crash dump, thereby exposing privileged information...

7.8CVSS7.1AI score0.00327EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

The “Use After Free” vulnerability in the Linux kernel’s traffic control index filter tcindex allows for privilege escalation. The imperfect hash area can be updated while packets are being processed, leading to a use-after-free when the ‘tcfextsexec’ function is called with a corrupted tcfext. A...

7.8CVSS6.7AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 5:16 p.m.14 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS0.01316EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.12 views

CVE-2026-38717

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS0.01316EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.12 views

CVE-2026-38714

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS0.01316EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.14 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS0.01316EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 1:5 p.m.5 views

GHSA-R2XF-7JW5-PJG6 Docker MCP Gateway: Argument injection via OCI image label YAML

Summary A maliciously crafted OCI image label can inject arbitrary arguments into the docker run command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via docker://, or that the victim's catalog pulls a snapshot from, can mount the host...

8.7CVSS6.5AI score
Exploits0References2
EUVD
EUVD
added 2026/06/18 8:32 a.m.10 views

EUVD-2025-210275

Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials...

9.3CVSS5.4AI score0.00388EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/18 12:0 a.m.14 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

0.01316EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 12:0 a.m.14 views

CVE-2026-38714

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

0.01316EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 12:0 a.m.11 views

EUVD-2026-37917

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:0 a.m.8 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 12:0 a.m.18 views

CVE-2026-38716

InHand Networks CVE-2026-38716 affects IR912 IR915 devices (V1.0.0.r20042 and earlier). The vulnerability is a command injection in the Python application export function that allows a remote attacker to execute arbitrary commands as root via a crafted input. The CVSS-derived metrics indicate a h...

9.8CVSS6AI score0.01316EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/18 12:0 a.m.9 views

EUVD-2026-37920

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.8AI score0.01316EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 12:0 a.m.9 views

EUVD-2026-37918

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References1
Rows per page
Query Builder