907 matches found
PYSEC-2026-574 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
Summary The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...
Linux Distros Unpatched Vulnerability : CVE-2026-53488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - containerd - None Ubuntu Linux - Unknown description CVE-2026-53488 Note that Nessus relies on the presence of the package as reported by the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential double-free of the bit17 bitmask. A userspace environment where multiple threads compete to set the tiling to I915TILINGNONE could lead to a double-free of the bit17 bitmask. Alternatively, memory...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: TCP: Add sanity checks to rx zerocopy The purpose of TCP rx zerocopy is to map pages that are initially allocated by NIC drivers, not pages owned by a file system. This patch adds the following additional checks to canmapfrag:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with ID 00000000-0000-0000-0000-000000000000 without a journal. Quota mode: none. fscrypt: Uses...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: filemap: Replace pteoffsetmap with pteoffsetmapnolock. The vmf-ptl in filemapfaultrecheckptenone is still set from handleptefault. However, at the same time, we performed a pteunmapvmf-pte operation. After pteunmapvmf-pte and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/MADVCOLLAPSE: handling !none !huge !bad pmd lookups In commit 34488399fa08 “mm/madvise: adding file and shmem support to MADVCOLLAPSE”, we made the following change to findpmdorthpornone: – if !pmdpresentpmde return...
Astra Linux – Vulnerability in curl
This flaw allows an attacker to insert cookies into a running program using libcurl, provided that certain conditions are met. Libcurl performs transfers. In its API, an application creates “easy handles”—individual handles used for single transfers. Libcurl provides a function called...
Linux Distros Unpatched Vulnerability : CVE-2026-12324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and...
Linux Distros Unpatched Vulnerability : CVE-2026-53612
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via TOCTOU in mount8 hookowner.c chmod/chown CVE-2026-53612 Note that Nessus relies o...
Linux Distros Unpatched Vulnerability : CVE-2026-12301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12301 Note that Nessus relies on the presence ...
Linux Distros Unpatched Vulnerability : CVE-2026-12292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird...
Linux Distros Unpatched Vulnerability : CVE-2026-54411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...
PT-2026-49616
CVE ID :CVE-2026-54295 Published : June 15, 2026, 6:32 p.m. | 1 hour, 18 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
DEBIAN-CVE-2026-54411
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...
EUVD-2026-36662
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...
CVE-2026-54411
Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...
CVE-2026-54411
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...
CVE-2026-54411
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...
Linux Distros Unpatched Vulnerability : CVE-2025-55641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...