27 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 views

Astra Linux - vulnerability in linux-5.15

An issue was discovered in the Linux kernel before version 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, resulting in an out-of-bounds read in the ntfs_set_ea function in fs/ntfs3/xattr.c...

7.1 CVSS, 6.7 AI score, 0.00012 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/05/19 12:0 a.m., 7 views

PT-2026-41994

Name of the Vulnerable Software and Affected Versions: AVideo versions 29.0 and earlier. Description: An unauthenticated remote attacker can read arbitrary image files from the disk that the PHP user has permission to open. This includes private user-profile photos protected by Access Control Lists...

6.9 CVSS, 6 AI score, 0.00071 EPSS
Exploits: 1, References: 5
CVE
added 2026/03/17 6:8 p.m., 6 views

CVE-2026-25771

Wazuh vulnerability CVE-2026-25771 affects versions from 4.3.0 up to, but not including, 4.14.3. The DoS arises in the API authentication middleware: the async Starlette/Asyncio loop calls a synchronous generate_keypair function that performs blocking disk I/O on every request with a Bearer token, allowing an ...

7.5 CVSS, 5.9 AI score, 0.00488 EPSS
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-18611

Malware in sbrugna...

7.8 CVSS, 7.5 AI score, 0.09651 EPSS
Exploits: 2, References: 2
Cvelist
added 2025/09/10 12:0 a.m., 5 views

CVE-2025-50892

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests IRP_MJ_READ/IRP_MJ_WRITE sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive...

0.00022 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-10929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service heap-based buffer overflow and applicati...

7.8 CVSS, 7.8 AI score, 0.00369 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2025/08/01 5:42 p.m., 1 views

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

6.5 CVSS, 7.4 AI score, 0.00156 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2025/06/30 1:16 p.m., 2 views

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

6.5 CVSS, 7.4 AI score, 0.00156 EPSS
Exploits: 0, References: 5
OSV
added 2025/03/03 3:15 p.m., 2 views

CVE-2025-0689

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size whi...

7.8 CVSS, 7.8 AI score, 0.00119 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2025/03/03 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2011-4127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write...

4.6 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 2, References: 2
Microsoft CVE
added 2024/11/09 8:0 a.m., 1 views

scsi: sd: Fix off-by-one error in sd_read_block_characteristics()

...

7.8 CVSS, 6.7 AI score, 0.00016 EPSS
Exploits: 0
Citrix
added 2024/07/13 12:0 a.m., 4 views

Error: XDDS:84D81E3A Unable to Read Disk. Failed to create Machine Catalog. Permission to perform this operation was denied.

"Error: XDDS:84D81E3A Unable to Read Disk. Failed to create Machine Catalog. Permission to perform this operation was denied" when creating machine catalog...

7.1 AI score
Exploits: 0
CNVD
added 2023/06/04 12:0 a.m., 46 views

Linux kernel ntfs_set_ea out-of-bounds read vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.2, which stems from the ntfs3 subsystem failing to check for correctness during a disk read, a...

7.1 CVSS, 6.4 AI score, 0.00012 EPSS
Exploits: 1, References: 1
CNNVD
added 2023/05/31 12:0 a.m., 1 views

Linux kernel buffer error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.2, which stems from the ntfs3 subsystem failing to check for correctness during a disk read, a...

7.1 CVSS, 6.4 AI score, 0.00012 EPSS
Exploits: 1, References: 10
OSV
added 2022/08/31 4:15 p.m., 2 views

DEBIAN-CVE-2022-1325

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...

5.5 CVSS, 5.7 AI score, 0.00026 EPSS
Exploits: 1, References: 1
OSV
added 2021/05/17 1:15 p.m., 2 views

CVE-2021-31727

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to .\ZemanaAntiMalware, register with the driver using IOCTL...

7.8 CVSS, 7.2 AI score, 0.09651 EPSS
Exploits: 2, References: 1
Prion
added 2021/05/17 1:15 p.m., 16 views

Design/Logic Flaw

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to .\ZemanaAntiMalware, register with the driver using IOCTL...

7.2 CVSS, 7.8 AI score, 0.09651 EPSS
Exploits: 2, References: 1, Affected Software: 1
RedHat Linux
added 2021/04/26 5:51 a.m., 1 views

Mozilla: Race condition when reading from disk while verifying signatures

Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird 78.10...

2.5 CVSS, 7.3 AI score, 0.00033 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2021/04/26 5:49 a.m., 1 views

Mozilla: Race condition when reading from disk while verifying signatures

Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird 78.10...

2.5 CVSS, 7.3 AI score, 0.00033 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2015/11/11 12:0 a.m., 26 views

FreeBSD : xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen (301b04d7-881c-11e5-ab94-002590263bf5)

The Xen Project reports: Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen the upstream-based qemu...

3.6 CVSS, 7.8 AI score, 0.00067 EPSS
Exploits: 0, References: 3