52 matches found
CVE-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing
Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...
Astra Linux – Vulnerability in git-lfs
Git LFS is an extension of Git for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the git-credential1 command without checking for embedded line-ending control characters. It then sends any credentials it receives back...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed an issue with partial SETREGSET for the NTARMTAGGEDADDRCTRL register. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rcv: Fixed a kernel crash caused by PRSETTAGGEDADDRCTRL. When the user space performs PRSETTAGGEDADDRCTRL, but the Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc:...
Unity Linux 20.1050e / 20.1070e Security Update: perl-Net-CIDR-Lite (UTSA-2026-016598)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016598 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some...
CVE-2026-42043
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses within the 127.0.0.0/8 range, excluding 127.0.0.1, the attacker can completely bypass the...
Siemens SCALANCE and RUGGEDCOM Devices Access of Uninitialized Pointer (CVE-2024-57874)
arm64: ptrace: vulnerability due to an uninitialized variable in the taggedaddrctrlset function, leading to potential memory leakage from the kernel stack when a zero-length SETREGSET call is made, exposing up to 64 bits of memory. This plugin only works with Tenable.ot. Please visit...
EUVD-2019-11096
Malware in sbrugna...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-408908)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-408908 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NTARMTAGGEDADDRCTRL Currently taggedaddrctrlset doesn't...
CVE-2025-40911
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...
CVE-2019-17254
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!ReadBadPNG+0x0000000000000101...
CVE-2019-17247
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEGLS+0x0000000000007da8...
DEBIAN-CVE-2025-37966
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PRSETTAGGEDADDRCTRL When userspace does PRSETTAGGEDADDRCTRL, but Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc : settaggedaddrctrl+0x112/0x15a ra :...
UBUNTU-CVE-2025-37966
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PRSETTAGGEDADDRCTRL When userspace does PRSETTAGGEDADDRCTRL, but Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc : settaggedaddrctrl+0x112/0x15a ra :...
The vulnerability of the tagged_addr_ctrl_get() function in the arch/arm64/kernel/ptrace.c module, which is part of the ARM 64-bit kernel support for the Linux operating system, allows a hacker to gain access to protected information or cause a service failure.
The vulnerability of the taggedaddrctrlget function in the arch/arm64/kernel/ptrace.c module, which is part of the ARM 64-bit kernel support for the Linux operating system, relates to access to an uninitialized pointer. Exploiting this vulnerability could allow an attacker to gain access to...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-57874)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57874 advisory. - In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for...
arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
...
CVE-2025-1204
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to...
git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs
A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...
D-Link DIR-816A2 安全漏洞
The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2WlAc.cgi component, which can be exploited by an unauthenticated attacker to set 2.4G and 5G MAC access control via...