21 matches found
DEBIAN-CVE-2026-23376
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback. In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback is only set when remoteport->port_state is FC_OBJSTATE_ONLINE. Otherwise, the nvme_fc_xmt_ls_rsp's LLDD call to...
CVE-2026-23376
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback. In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback is only set when remoteport->port_state is FC_OBJSTATE_ONLINE. Otherwise, the nvme_fc_xmt_ls_rsp's LLDD call to...
CVE-2025-23376
Dell PowerProtect Data Manager Reporting, versions 19.16, 19.17, 19.18, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure...
CVE-2024-23376 Use After Free in ComputerVision
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call...
Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you haven't already. You can skip to the other parts using this table of...
Windows CLFS and five exploits used by ransomware operators
In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows...
Update now! February's Patch Tuesday tackles three zero-days
The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days. Not exactly what we had in mind for Valentine's Day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, onl...
Microsoft Windows Multiple Vulnerabilities (KB5022840)
This host is missing an important security update according to Microsoft KB5022840. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
CVE-2023-23376
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVE-2023-23376
CVE-2023-23376 is a Windows Common Log File System Driver elevation-of-privilege vulnerability. The flaw in the CLFS driver could allow a local attacker to gain SYSTEM privileges, potentially enabling a chain with other bugs. Public exploitation and in-the-wild activity are discussed in Patch Tue...
CVE-2023-23376 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (Administrator/Root rights), remote code execution (User rights), access to...
CVE-2022-23376
CVE-2022-23376 affects WikiDocs version 0.1.18 and involves multiple reflected XSS vulnerabilities on different pages. The NVD entry notes a base CVSSv2 impact of 4.3 (medium) with no confidentiality, no availability impact, and partial integrity impact, while CVSSv3.1 reports a 6.1 (medium) base...
CVE-2020-23376
NoneCMS v1.3 is affected by a CSRF vulnerability in the endpoint public/index.php/admin/nav/add.html. The issue allows an attacker to inject arbitrary web script or HTML via the name parameter, enabling a potential stored XSS attack. The vulnerability is documented across multiple sources (e.g., ...
CVE-2021-23376
CVE-2021-23376 affects all versions of ffmpegdotjs. The root cause is the use of Node.js child_process.exec in the trimvideo function without input sanitization, enabling attacker-controlled input to execute arbitrary commands. Documented impact is arbitrary command execution with network access,...
CVE-2021-23376 Arbitrary Command Injection
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...