Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance. The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user m...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010848)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010848 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance. The function crypto_drop_spawn expects to be...
SUSE CVE-2023-53799
In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance. The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the...
CVE-2023-53799
In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance. The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the...
CVE-2023-53799
CVE-2023-53799 affects the Linux kernel crypto subsystem where crypto_destroy_instance could free an instance in atomic context if the last user unregisters while active. Root cause: crypto_drop_spawn may be invoked outside process context, risking atomic-context frees. Fix: defer the freeing to ...
CVE-2023-53799
In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance. The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the...
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to...
USN-7772-1 python-eventlet vulnerability
It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...
CVE-2025-49198
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...
CVE-2024-27942
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user from performing actions in the system, causing a denial of...
Siemens RUGGEDCOM CROSSBOW access control error vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. A security vulnerability exists in Siemens RUGGEDCOM CROSSBOW due to an affected system allowing any unauthenticated client to disconnect any active user from the server. An attacker could exploit this...
PT-2024-5192 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5 Description: The issue is related to a lack of authentication for a critical function, allowing a remote attacker to cause a denial of service. The affected systems permit any unauthenticated client t...
CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...
Design/Logic Flaw
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...
Strava heatmap loophole may reveal users' home addresses
Researchers at NC State University have outlined potential privacy issues with popular fitness app Strava which could lead to users' homes being pinpointed. The researchers' findings are detailed in a paper called Heat marks the spot: de-anonymising users' geographical data on the Strava heat map...
Hackers Breach LastPass Developer System to Steal Source Code
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed,...
Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users
Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to othe...
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...
Zammad security vulnerability
A security vulnerability exists in Zammad, a suite of ticket management software from the German company Zammad, which stems from an administrative configuration that broadcasts settings that should only be visible to authenticated users to all users with an active application instance. No detail...
CVE-2019-13385
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log...