10 matches found
kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...
SUSE CVE-2025-27819
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in the Kafka Connect API. However, the Kafka Connect API is not the only component vulnerable to this attack; the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
CVE-2024-42995
VTiger CRM = 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules...
PT-2023-26267 · Otrs +1 · Otrs +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44; OTRS versions 8.0.X through 8.0.34; OTRS Community Edition versions 6.0.1 through 6.0.34. Description: The issue is related to improper neutralization of commands allowed to be executed via OTRS System...
PT-2022-23918 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier. Description: The issue allows for XSS via a malicious capability to the metrics or help module. This can be demonstrated by a URI such as "/!!&app=io.ox/files&cap=". Recommendations: For versions 7.10....
PT-2020-6766 · Inspircd +3 · Inspircd +3
Name of the Vulnerable Software and Affected Versions: InspIRCd versions prior to 2.0.29; InspIRCd versions prior to 3.6.0. Description: An issue was discovered in the pgsql module of InspIRCd, which contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors...
SA-CONTRIB-2011-004 - Multiple Vulnerabilities In Multiple Contributed Modules
Versions affected and proposed solutions. OG Forum for Drupal 6.x: OG Forum creates a forum per organic group and restricts viewing forum nodes by group membership. OG Forum does not properly implement access controls on private forums it creates, which can lead to a private group's forums becoming...