810 matches found
GHSA-9GQX-53GP-C8G3 Duplicate Advisory: uutils coreutils allows users to bypass the --preserve-root safety mechanism
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c7q-4928-8445. This link is maintained to preserve external references. Original Description A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism...
CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...
PowerDNS Authoritative Server 输入验证错误漏洞
The PowerDNS Authoritative Server is a DNS server developed by the Dutch company PowerDNS. There is a vulnerability in input validation of the PowerDNS Authoritative Server. This vulnerability arises from operations conducted by administrators who are allowed to use the REST API. Such actions may...
ONE 输入验证错误漏洞
ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows during the calculation of the copy size for output tensors,...
Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems
Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault...
Improper Control of a Resource Through its Lifetime
Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Improper Control of a Resource Through its Lifetime in the process handling entity state transitions. An attack...
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN " and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer...
virtio-win 安全漏洞
virtio-win is an open-source virtual machine simulation software developed by virtio-win. virtio-win has a security vulnerability, which stems from improper memory management during the reset of VirtIO Block devices. This vulnerability may lead to reuse of freed resources after release, as well a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to remove automatically bound connected sockets from the 4-tuple hash table when they...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper cleanup of message states when the sender’s actions are incorrect. This vulnerability may lead...
EUVD-2026-10753
PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state after landing and before the automatic disarm triggered by the COMDISARMLAND parameter, the system lacks a thrott...
PT-2026-24381
Name of the Vulnerable Software and Affected Versions PX4 Autopilot versions 1.12.x through 1.15.x Description The autopilot software contains a logic flaw in the mode switching mechanism. Specifically, when transitioning from Auto mode to Manual mode while the drone is in the "ARMED" state – aft...
Everon 访问控制错误漏洞
Everon is an electric vehicle charging station system developed by Everon Corporation. There is an access control vulnerability in Everon, which stems from the lack of an authentication mechanism. This vulnerability allows unverified attackers to connect to WebSocket endpoints and impersonate...
SUSE CVE-2026-23236
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...
AZL-78632 CVE-2026-23236 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...
DEBIAN-CVE-2026-23236
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...
CVE-2026-23236
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...
UBUNTU-CVE-2026-23236
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...
CVE-2026-23236
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...
CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...