kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

CVE-2026-25705

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

CVE-2022-37172

Incorrect access control in the install directory C:\msys64 of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

CVE-2022-36565

Incorrect access control in the install directory C:\Wamp64 of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

CVE-2022-36562

Incorrect access control in the install directory C:\Ruby31-x64 of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

CVE-2022-37172

Incorrect access control in the install directory C:\msys64 of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

MSYS2 安全漏洞

MSYS2 is MSYS2 open source set of tools and libraries. It provides an easy-to-use environment for building, installing and running native Windows software. A security vulnerability exists in MSYS2 version v20220603 and earlier versions that originates from incorrect access control in the...

CVE-2021-38483

The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation...