11 matches found
Astra Linux - уязвимость в xwayland, xorg-server
A use-after-free flaw was discovered in X.Org and Xwayland. When a device is removed while it is still frozen, the events queued for that device remain active even after the device is freed. Playing back those events will lead to a use-after-free...
CVE-2026-34766
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the...
Electron 安全漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security vulnerabilities in versions ...
PT-2025-37552
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the Linux kernel's Open vSwitch OVS implementation related to port output. Specifically, the issue occurs when a network namespace is deleted while packets a...
CVE-2025-21970 net/mlx5: Bridge, fix the crash caused by LAG state check
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Bridge, fix the crash caused by LAG state check When removing LAG device from bridge, NETDEVCHANGEUPPER event is triggered. Driver finds the lower devices PFs to flush all the offloaded entries. And mlx5lagissharedfdb i...
MAL-2025-2599 Malicious code in bsb-family-bot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 73381c6a90c69556e5d81fd8b66b24eb30907c18f1b24a8a1de3635d533d3284 This package decodes and executes a script during installation to set up a Telegram bot for device event monitoring. However, the code is...
Google Pixel 安全漏洞
Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from an elevation of privilege vulnerability that stems from a double release issue in lwisdeviceeventstatesclearlocked in lwisevent.c, which can be exploited by an attacker to cause elevation of privilege...
kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
A vulnerability was found in the Linux kernel's netfilter subsystem, related to the nftchainfilter feature. This issue occurs when a NETDEVUNREGISTER event is reported, which can leave a stale reference to a network device in the ingress basechain. If this issue is not addressed, this stale...
Privilege escalation
Csrsrv.dll in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process...
CVE-2011-3408
Csrsrv.dll in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process...
Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
This host is missing a critical security update according to Microsoft Bulletin MS11-063. OpenVAS Vulnerability Test $Id: secpodms11-063.nasl 8724 2018-02-08 15:02:56Z cfischer $ Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability 2567680 Authors: Antu Sanadi...