23070 matches found
PT-2025-49062
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.8. Description: The Linux kernel contains a flaw in the btrfs subsystem where btrfs_check_leaked_roots may access a NULL pointer if fs_info->super_copy or fs_info->super_for_commit allocation fails during btrfs...
EUVD-2022-55136
In the Linux kernel, the following vulnerability has been resolved: btrfs: release correct delalloc amount in direct IO write path Running generic/406 causes the following WARNING in btrfs_destroy_inode which tells there are outstanding extents left. In btrfs_get_blocks_direct_write, we reserve a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca...
CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution
A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2025-37146
The CVE-2025-37146 entry describes a vulnerability in the web-based management interface of network access point configuration services (e.g., HPE ArubaOS) that can allow an authenticated remote attacker to perform remote command execution on the underlying OS. The public sources indicate exploit...
MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. MITRE created this CVE on their behalf. The documented Windows updates...
KB5066791: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (October 2025)
The remote Windows host is missing security update 5066791. It is, therefore, affected by multiple vulnerabilities: tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual til...
KB5066837: Windows 10 LTS 1507 Security Update (October 2025)
The remote Windows host is missing security update 5066837. It is, therefore, affected by multiple vulnerabilities: tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual til...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix use-after-free in state_show (CVE-2025-39877). In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880). In the Linux...
USN-7796-4 linux-azure-fips vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: Framebuffer layer; BTRFS file system; Ext4 file system; Network file system (NFS) server daemon; Packet...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2210)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2210)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...
Happy DOM: VM Context Escape can lead to Remote Code Execution
Escape of VM Context gives access to process level functionality. Summary: Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...
erofs: handle NONHEAD !delta[1] lclusters gracefully
...
Array Networks ArrayOS <= 9.4.0.481 RCE (CVE-2023-28461)
The version of Array Networks ArrayOS running on the remote device is 9.4.0.481 or prior. It is, therefore, affected by a remote code execution vulnerability. Unauthenticated attackers could execute remote code by exploiting a specific attribute in an HTTP header, enabling them to browse the...
PT-2025-46642
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the ext4 filesystem handling. Specifically, an invalid combination of the INLINE_DATA and EXTENTS flags within an inode can lead to a BUG_ON condition...
CVE-2017-20203
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...
CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...