17020 matches found
CVE-2026-52939
A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS component. An unprivileged local user can trigger a kernel panic by sending a specially crafted atomic control message cmsg over an active RDS/InfiniBand IB connection. This issue is caused by improper handling of masked atomic...
CVE-2026-54328
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...
USN-8193-2: libcap vulnerability
USN-8193-1 fixed a vulnerability in libcap. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Ali Raza discovered that libcap incorrectly handled file capability updates. A local attacker could...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
kernel: Linux kernel: Denial of service and memory corruption in RDMA umad
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...
Cisco Umbrella Virtual Appliance < 3.8.5 Privilege Escalation (cisco-sa-umbrella-priv-esc-F4wJB7AU)
According to its self-reported version, Cisco Umbrella Insights Virtual Appliance is affected by a vulnerability. - A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability i...
CVE-2016-20092
NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...
CVE-2016-20089
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...
CVE-2016-20094 AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege
AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A use-after-free flaw was discovered in the Linux kernel’s SGI GRU driver. This flaw arises from the way the grufileunlockedioctl function is called by the user, resulting in a failure in the grucheckchipletassignment function. This flaw allows a local user to cause a system crash or potentially...
Astra Linux – Vulnerability in Plasma-Workspace
In KDE Plasma Workspaces also known as plasma-workspace, prior to versions 5.27.11.1 and 6.x, before version 6.0.5.1, connections were made via ICE, purely based on the host system. This means that all local connections were accepted. This allowed another user on the same machine to gain access t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A stack overflow flaw was discovered in the Linux kernel’s SYSCTL subsystem regarding how a user modifies certain kernel parameters and variables. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerability in Linux 5.10
An information leak flaw was discovered due to uninitialized memory in the Linux kernel’s TIPC protocol subsystem, during the process of a user sending a TIPC datagram to one or more destinations. This flaw allows a local user to read certain parts of the kernel’s memory. The affected data is no...
Astra Linux – Vulnerability in Linux 5.10
An integer overflow flaw was discovered in the Linux kernel’s virtio device driver code, where a user triggers the vhostvdpaconfigvalidate function. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A memory write vulnerability that is outside the bounds of the system’s protection was discovered in the Linux kernel’s Kid-friendly Wired Controller driver. This vulnerability allows a local user to crash the system or potentially escalate their privileges. The issue lies in the bigbenprobe...
Astra Linux – Vulnerability in Linux 5.10
A out-of-bounds memory write flaw was discovered in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free flaw was discovered in the Linux kernel’s Amateur Radio AX.25 protocol functionality, regarding the way users connect with the protocol. This flaw allows a local user to crash the system...