12 matches found
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: erofs: Properly handling NONHEAD !delta1 lclusters. The syzbot tool reported a warning in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters will not have...
CVE-2025-62363 yt-grabber-tui allows arbitrary code execution via configurable yt-dlp path
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesyst...
PT-2025-50334
Name of the Vulnerable Software and Affected Versions: sd command versions prior to 1.0.0 Description: An issue allows attackers to escalate privileges to root via a crafted command. Recommendations: Update to a version newer than 1.0.0...
UBUNTU-CVE-2022-4968
netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected...
PT-2024-11906 · Wireguard +4
Name of the Vulnerable Software and Affected Versions: netplan versions prior to 1.0 Description: The issue concerns netplan leaking the private key of WireGuard to local users. A security fix is expected to be released soon. Recommendations: For versions prior to 1.0, a security fix will be...
PT-2023-16213 · WordPress · Scheduled Announcements Widget
Name of the Vulnerable Software and Affected Versions: Scheduled Announcements Widget WordPress plugin versions prior to 1.0 Description: The issue arises from the lack of validation and escaping of some shortcode attributes in the Scheduled Announcements Widget WordPress plugin. This could allow...
PT-2023-9888 · Unknown · Simplesamlphp
Name of the Vulnerable Software and Affected Versions: simpleSAMLphp versions prior to 1.0 Description: A vulnerability was found in the Information Cards Module and classified as problematic. This issue affects some unknown processing, leading to cross-site scripting. The attack may be initiated...
Siemens SINEC NMS path traversal vulnerability
SINEC NMS, a network management system from Siemens for monitoring and managing industrial networks, is vulnerable to arbitrary file deletion in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could use this vulnerability to delete arbitrary files or directories in the user control path...
libyang buffer overflow vulnerability (CNVD-2020-10242)
libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A buffer overflow vulnerability exists in the 'resolve_feature_value' function in versions of libyang prior to 1.0-r1. An attacker can exploit this vulnerability to cause the...
Libyang Input Validation Error Vulnerability
libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. An input validation error vulnerability exists in yyparse in versions prior to libyang v1.0-r1. The vulnerability stems from a networked system or product that does not properl...
qemu: ccid: buffer overflow in handling of VSC_ATR message
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message...
PT-2014-2164 · Qemu +2
Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 0.15.2 QEMU versions 1.x prior to 1.0-rc4 Description: The issue is related to a buffer overflow in the ccid card vscard handle message function, which can be triggered by a crafted VSC ATR message. This could lead to a...