89 matches found
Astra Linux – Vulnerability in curl
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when sent back to an HTTP server later, may cause the server to return 400 responses. This effectively allows a “sister site” to deny service to all other sibling sites...
staging: media: atomisp: Disallow all private IOCTLs
...
UBUNTU-CVE-2026-46205
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...
EUVD-2026-32832
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...
CVE-2026-46205
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...
CVE-2025-47405
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
CVE-2025-47405 Untrusted Pointer Dereference in Camera
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
CVE-2025-47405
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
EUVD-2025-209630
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
CVE-2025-47405 Untrusted Pointer Dereference in Camera
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
JLSEC-2026-397
When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...
PT-2026-36841
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
CVE-2018-6201
In eScan Antivirus 14.0.1400.2029, the driver file econceal.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4...
EUVD-2001-1188
Malware in sbrugna...
EUVD-2001-0405
Malware in sbrugna...
CVE-2023-22668
Memory Corruption in Audio while invoking IOCTLs calls from the user-space...
PT-2025-3110 · Asus · Asus System Analysis Io
Name of the Vulnerable Software and Affected Versions: ASUS System Analysis IO version 1.0.0 Description: The issue is related to improper access control in the AsusSAIO.sys driver, which may allow the misuse of software functionality when crafted IOCTL requests are supplied. This can lead to...
PT-2024-25155 · Asustek Computer · Asus Sabertooth X99 Driver
Name of the Vulnerable Software and Affected Versions: ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver version 1.0.1.0 Description: An issue in the component AsIO64.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Recommendations: For...
flatpak security, bug fix, and enhancement update
An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed desktop...
Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...