Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of a security measure - Execution of arbitrary code root/admin privileges - Execution...

CVE-2025-29839

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally...

CVE-2025-29839

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally...

CVE-2025-29839

Technical details about CVE-2025-29839 (affected product/version/root cause/impact/fix) are not publicly provided in the supplied connected documents. Monitor for updates.

Windows Multiple UNC Provider Driver Information Disclosure Vulnerability

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally...

Microsoft Windows File Server 缓冲区错误漏洞

Microsoft Windows File Server is a server role from Microsoft Corporation USA. A buffer error vulnerability exists in Microsoft Windows File Server. An attacker exploiting this vulnerability could gain access to sensitive information. The following products and versions are affected:Windows 11...

PT-2025-20954 · Microsoft · Windows File Server +1

Name of the Vulnerable Software and Affected Versions: Windows File Server affected versions not specified Description: The issue is an out-of-bounds read that allows an unauthorized attacker to disclose information locally. This could potentially allow attackers to obtain sensitive information a...

USN-7462-1 linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-iot vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - File systems infrastructure; - Ext4 file system; - Network file system NFS server...

CVE-2025-3723

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...

UBUNTU-CVE-2025-22041

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdsessionsderegister In multichannel mode, UAF issue can occur in sessionderegister when the second channel sets up a session through the connection of the first channel. session that is freed...

PCMan FTP Server 安全漏洞

PCMan FTP Server is PCMan open source set of FTP software. A buffer overflow vulnerability exists in PCMan FTP Server that stems from a failure to properly validate input when processing a specific request. No detailed vulnerability details are provided at this time...

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)

Exploit Title: Rejetto HTTP File Server 2.3m - Remote Code Execution RCE Fofa Dork: "HttpFileServer" && server=="HFS 2.3m" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-23692 Vendor Homepage: http://rejetto.com/hfs/ Software Link:...

CVE-2025-27610

Rack::Static in Rack (Ruby) is vulnerable to Local File Inclusion due to improper sanitization of user-supplied paths, allowing access to files under the configured root. The affected versions are prior to 2.2.13, 3.0.14, and 3.1.12, which contain the patch. The vulnerability enables traversal vi...

Local File Inclusion in Rack::Static

Summary Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...

Exploit for Code Injection in Rejetto Http_File_Server

This is a PoC exploit for CVE-2024-23692, a remote code executio...

CVE-2025-27098

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVE-2021-35223

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution...

CVE-2022-36974

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...

CVE-2024-0352

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

Updated openafs packages fix security vulnerabilities

A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix client. CVE-2024-10394 An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. CVE-2024-10396 A malicious server can crash the OpenAFS cac...