30649 matches found

CVE
added 2026/05/04 4:43 p.m. | 12 views

CVE-2025-47407

CVE-2025-47407 describes a memory corruption in the DSP service during process creation caused by an allocation failure at the kernel level, linked to a TOCTOU race condition. Connected records identify a kernel-level allocation failure as the underlying trigger and the DSP service as the affecte...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/05/04 4:43 p.m. | 23 views

CVE-2025-47407 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level...

CVSS 7.8 | EPSS 0.00013
Exploits 0 | References 1
ATTACKERKB
added 2026/05/04 4:43 p.m. | 0 views

CVE-2025-47407

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 2
EUVD
added 2026/05/04 4:43 p.m. | 3 views

EUVD-2025-209632

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 1
OSV
added 2026/05/04 3:16 p.m. | 2 views

DEBIAN-CVE-2026-33007

A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.00648
Exploits 0 | References 1
NVD
added 2026/05/04 2:16 p.m. | 3 views

CVE-2025-58074

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...

CVSS 8.8 | EPSS 0.00015
Exploits 0 | References 3
RedHat Linux
added 2026/05/04 2:10 p.m. | 8 views

rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...

CVSS 9.8 | AI score 7.7 | EPSS 0.00398
Exploits 1 | References 11
Vulnrichment
added 2026/05/04 4:0 a.m. | 1 views

CVE-2026-7730 privsim mcp-test-runner MCP index.ts child_process.spawn os command injection

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVSS 6.5 | AI score 6.4 | EPSS 0.01521
Exploits 0 | References 6
Cvelist
added 2026/05/04 4:0 a.m. | 29 views

CVE-2026-7730 privsim mcp-test-runner MCP index.ts child_process.spawn os command injection

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVSS 6.5 | EPSS 0.01521
Exploits 0 | References 6
Positive Technologies
added 2026/05/04 12:0 a.m. | 3 views

PT-2026-36843

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 2
CNNVD
added 2026/05/04 12:0 a.m. | 8 views

Postfix security vulnerability

Postfix is an open-source mail transfer agent software developed by Postfix. Vulnerabilities existed in versions prior to Postfix 3.8.16, 3.9.10, and 3.10.9. These vulnerabilities stemmed from the lack of text after the third digit in enhanced status codes, which could lead to excessive buffer...

CVSS 7.5 | AI score 5.9 | EPSS 0.00074
Exploits 0 | References 1
CNNVD
added 2026/05/04 12:0 a.m. | 4 views

Nginx UI access control error vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...

CVSS 9.8 | AI score 5.8 | EPSS 0.00059
Exploits 1 | References 2
CNNVD
added 2026/05/04 12:0 a.m. | 3 views

Apache HTTP Server code issue vulnerability

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities related to null...

CVSS 5.3 | AI score 5.9 | EPSS 0.00648
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: It was determined that process_string also allows arrays. To address a common bug where TRACE_EVENT's TP_fast_assign assigns the address of an allocated string to the ring buffer and then references it in TP_printk, which can...

CVSS 5.5 | AI score 6.1 | EPSS 0.00027
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in chromium

Before version 90.0.4430.72, a use-after-free in permissions in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

CVSS 9.6 | AI score 7.3 | EPSS 0.01108
Exploits 0 | References 1
AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: sfc: Fixed NULL dereferencing in ef100_process_design_param. Since the referenced commit, ef100_probe_main and therefore ef100_check_design_params are executed before efx->net_dev is created. As a result, we cannot use netif_set_tso_max_siz...

CVSS 5.5 | AI score 6 | EPSS 0.0002
Exploits 0 | References 1
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in tiff

The processCropSelections function in the tools/tiffcrop.c file of LibTIFF, as of version 4.5.0, has a heap-based buffer overflow vulnerability. This vulnerability occurs due to a crafted TIFF image being written with a size of 307203 bytes...

CVSS 5.5 | AI score 6.9 | EPSS 0.00011
Exploits 1 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 10 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fixed the RTNL deadlock issue. Currently, the hibmcge netdev acquires the RTNL lock in pci_error_handlers.reset_prepare and releases it in pci_error_handlers.reset_done. However, in the PCI framework: pci_reset_bus –...

CVSS 5.5 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not report a bug if someone dirties pages without first consulting ext4. The unpin_user_pages_remote function dirties pages without properly warning the file system in advance. Jan Kara noted this race condition in 20181...

CVSS 5.5 | AI score 5.8 | EPSS 0.00007
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close. netlink supports iterative dumping of data. It provides the following operations: - start – Optional. Initiates the dumping process. - dump – The actual dumping process; this...

CVSS 5.5 | AI score 6.4 | EPSS 0.00014
Exploits 1 | References 2