Windows 11 Hardening Auditor for WinRE and BitLocker

This Python-based Windows security utility performs defensive auditing and mitigation tasks focused on Windows Recovery Environment WinRE and CVE-2026-45585, BitLocker protection policies, Secure Boot, TPM configuration, and boot-time execution integrity on Windows 11 systems...

PT-2026-47351

In the Linux kernel, the following vulnerability has been resolved: mm/alloc tag: clear codetag for pages allocated before page ext initialization Due to initialization ordering, page ext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed...

CVE-2026-36180

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

EUVD-2026-34195

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVE-2026-36180

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

PT-2026-46247

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry

CVSS score: 6.5 Medium CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. windows-utilities-release – All versions prior to v0.23.0 Description Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fixed the handling of the RTAS MSRHV for the Cell architecture. The recent changes in MSR handling when entering RTAS firmware caused crashes on IBM Cell machines. An example trace is as follows: The kernel attempte...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Fixed missing NULL checks for kstrdup 1. Replaced “offindnodebypath"/"” with “ofroot” to avoid multiple calls to “ofnodeput”. 2. Fixed a potential kernel error during early boot when memory allocation fails while...

SUSE CVE-2019-12380

DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and eficallphysprolog in arch/x86/platform/efi/efi64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because...

EUVD-2026-29323

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

CVE-2026-34961

Barebox before 2026.04.0 has a heap out-of-bounds read in ext4 extent parsing due to missing validation of eh_entries against buffer capacity in fs/ext4/ext4_common.c. An attacker could supply a malicious ext4 image over USB, SD card, or network boot to trigger reads beyond the allocated buffer d...

CVE-2026-34961 barebox ext4 Extent Parsing Out-of-Bounds Read

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

CVE-2026-43210

A flaw was found in the Linux kernel's tracing ring-buffer subsystem. This vulnerability occurs in the rbreaddatabuffer function, which fails to validate the length of an event before using it to determine the next memory address. If an event's length is corrupted, this can lead to an invalid...

CVE-2026-42372 D-Link DIR-605L A1 Hardcoded Telnet Backdoor Credentials

D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: The “Drain deferred trigger” operation is freed if kthread creation fails. Registration of boot-time triggers may fail before the trigger-data cleanup is completed. If a kthread exists, deferring those operations until...