15 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value. After the DME Link startup, the error return value is set to the MIPI UniPro GenericErrorCode, which can be either 0 (SUCCESS) or 1 (FAILURE). During a driver probe, an error code...
SUSE CVE-2025-68316
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value. After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode, which can be 0 (SUCCESS) or 1 (FAILURE). Upon failure during driver probe, the error code...
CVE-2025-68316 scsi: ufs: core: Fix invalid probe error return value
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value. After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode, which can be 0 (SUCCESS) or 1 (FAILURE). Upon failure during driver probe, the error code...
CVE-2025-68316
CVE-2025-68316 affects the Linux kernel’s SCSI UFS core. The root cause was an invalid non‑negative error code propagated from ufshcd_init(), causing a failed probe to be treated as success and potentially leaving the driver in an invalid state. The available connected sources confirm the issue a...
EUVD-2024-2316
Malicious code in bioql PyPI...
Path Traversal
tgstation-server is vulnerable to Path Traversal. The vulnerability is due to low permission users with the "Set .dme Path" privilege potentially setting malicious .dme files to be compiled and executed, which can escalate into remote code execution via BYOND's shell proc...
GHSA-C3H4-9GC2-F7H4 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...
Path Traversal
Overview: Tgstation.Server.Api is a package that defines HTTP headers, default credentials, models, rights, and routes for communicating with the tgstation-server API. Affected versions of this package are vulnerable to Path Traversal that allows low privileged users to set .dme files on the host t...
CVE-2024-41799
Summary: CVE-2024-41799 affects tgstation-server (BYOND server management). Prior to version 6.8.0, low-permission users with the “Set .dme Path” privilege could cause malicious .dme files on the host to be compiled and executed, potentially leading to remote code execution via BYOND’s shell() pr...
PT-2024-29565 · Byond +1
Name of the Vulnerable Software and Affected Versions: tgstation-server versions prior to 6.8.0 Description: The issue allows low permission users with the "Set .dme Path" privilege to potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files...
Cisco NX-OS Software Data Management Engine Remote Code Execution (CVE-2020-3415)
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input...
CVE-2020-3415
Cisco NX-OS Software Data Management Engine (DME) remote code execution vulnerability (CVE-2020-3415) allows an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code with administrative privileges or trigger DoS by sending crafted Cisco Discovery Protocol packets. Root cause: insuf...
Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input...
Cybersecurity Executive Order 13800: More than a Risk Assessment?
Written by Sr. Solutions Engineer, Micah Maryn. Most folks around the Washington DC beltway have heard the cybersecurity Executive Order (EO) 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure referred to as a simple risk assessment. But the reality is that it i...