
61 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: In libceph, replace BUG_ON with a bounds check for map->max_osd. OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd. idryomov: removed BUG_ON in ceph_get_primary_affinity, min...

AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1
Snyk
added 2026/05/04 2:28 p.m. | 1 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the GGUF model loader. An attacker can access sensitive server memory contents, including environment variables, API keys, system prompts, and concurrent users' conversation data, by submitting a specially crafted...

CVSS 9.1 | AI score 6 | EPSS 0.00034
Exploits: 2 | References: 2
Snyk
added 2026/03/25 5:32 p.m. | 0 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview: @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the session process. An attacker can intercept session...

CVSS 3.1 | AI score 5.9
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/10 9:4 p.m. | 4 views

CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

CVSS 8.7 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/02/25 4:6 a.m. | 1 views

CVE-2026-21665

The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...

CVSS 7.7 | AI score 6.1 | EPSS 0.00468
Exploits: 0 | References: 1
CVE
added 2026/02/23 10:34 p.m. | 5 views

CVE-2026-21665

The CVE concerns the Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in the unsupported 2021.2.4 release (build 4.7.3155.0011). It uses deprecated .NET Remoting TCP channels that enable unsafe deserialization of untrusted data. When exposed to an untrust...

CVSS 7.7 | AI score 6.2 | EPSS 0.00468
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/23 12:0 a.m. | 3 views

PT-2026-21572

Name of the Vulnerable Software and Affected Versions: Fiserv Originate Loans Peripherals version 2021.2.4 build 4.7.3155.0011. Description: The Print Service component of Fiserv Originate Loans Peripherals utilizes deprecated .NET Remoting TCP channels that permit unsafe deserialization of untruste...

CVSS 7.7 | AI score 6 | EPSS 0.00468
Exploits: 0 | References: 3
RedhatCVE
added 2026/02/21 1:28 a.m. | 1 views

CVE-2026-26327

OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs...

CVSS 7.1 | AI score 5.5 | EPSS 0.00003
Exploits: 0 | References: 1
EUVD
added 2025/12/16 6:31 p.m. | 1 views

EUVD-2025-203797

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd. OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd. idryomov: drop BUG_ON in ceph_get_primary_affinity, minor cosmet...

AI score 6 | EPSS 0.00043
Exploits: 0 | References: 6
OSV
added 2025/12/16 4:16 p.m. | 0 views

UBUNTU-CVE-2025-68283

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd. OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd. idryomov: drop BUG_ON in ceph_get_primary_affinity, minor cosmet...

AI score 5.9 | EPSS 0.00043
Exploits: 0 | References: 24
Positive Technologies
added 2025/11/27 12:0 a.m. | 1 views

PT-2025-51688

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the libceph component, specifically in the handle_auth_session_key function. This issue could lead to potential out-of-bounds writes due to...

CVSS 6 | AI score 5.4 | EPSS 0.00076
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2005-0619

Malware in sbrugna...

CVSS 6.4 | AI score 6.4 | EPSS 0.00515
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-3682

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00099
Exploits: 2 | References: 2
RedhatCVE
added 2025/05/23 1:59 a.m. | 6 views

CVE-2023-42261

Mobile Security Framework (MobSF) =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

CVSS 7.5 | AI score 7 | EPSS 0.0016
Exploits: 1 | References: 1
Veracode
added 2025/04/08 7:42 a.m. | 19 views

Remote Code Execution

k8s.io/ingress-nginx is vulnerable to Remote Code Execution. The vulnerability is due to improper request handling in the ingress-nginx controller, which processes untrusted network traffic that can be manipulated to execute arbitrary code and access Secrets...

CVSS 9.8 | AI score 8.4 | EPSS 0.9113
Exploits: 20 | References: 10 | Affected Software: 1
Tenable Nessus
added 2024/08/01 12:0 a.m. | 28 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. ...

CVSS 7.5 | AI score 7.6 | EPSS 0.93464
Exploits: 20 | References: 6
RedhatCVE
added 2024/05/28 6:22 p.m. | 49 views

CVE-2023-52424

A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange...

CVSS 7.4 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 4
CNNVD
added 2024/05/17 12:0 a.m. | 2 views

IEEE 802.11 security vulnerability

IEEE 802.11 is a series of IEEE protocols for wireless LANs. A security vulnerability exists in IEEE 802.11 that stems from the ability of an attacker to trick a victim into connecting to an unintended or untrusted network...

CVSS 7.4 | AI score 5.5 | EPSS 0.00214
Exploits: 0 | References: 6
Tenable Nessus
added 2024/04/12 12:0 a.m. | 143 views

Security Updates Outlook for Windows (April 2024)

The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by a spoofing vulnerability. External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control...

CVSS 8.1 | AI score 8.1 | EPSS 0.05117
Exploits: 0 | References: 2
Github Security Blog
added 2023/09/22 12:30 a.m. | 8 views

Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions

Withdrawn Advisory: This advisory has been withdrawn because the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server...

CVSS 7.5 | AI score 7 | EPSS 0.0016
Exploits: 1 | References: 7 | Affected Software: 1