Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Properly handles FDA objects with a length of zero. A bug has been fixed where an empty FDA fd array object with 0 fds could cause an out-of-bounds error. The previous implementation used skip == 0 to indicate “this i...

PT-2026-25857

Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser has a flaw in its handling of TUS resumable uploads. The software parses the 'Upload-Length' header as a signed 64-bit integer without verifying that the value is non-negative. Th...

UBUNTU-CVE-2026-23194

In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...

CVE-2026-23194

In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...

CVE-2026-23194 rust_binder: correctly handle FDA objects of length zero

In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...

CVE-2026-23194

CVE-2026-23194 relates to the Linux kernel rust_binder handling of FDA objects of length zero. The issue was a out-of-bounds write when an empty fd-array (FDA) with 0 fds was processed, caused by treating skip == 0 as a special “pointer fixup.” The fix replaces this zero-special-case pattern (ori...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of empty file system names, potentially leading to null pointer dereferencing...

CVE-2025-41066

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...

CVE-2025-41066

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...

CVE-2025-41066 Disclosure of sensitive information in Horde Groupware

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...

PT-2025-48687

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...

EUVD-2021-14851

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-56375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via...

Linux Distros Unpatched Vulnerability : CVE-2018-12550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, th...

n8n 资源管理错误漏洞

n8n is a scalable workflow automation tool from n8n open source. A resource management error vulnerability exists in n8n versions prior to 1.99.0 that stems from a denial-of-service vulnerability when processing empty file system URIs, which could result in the service being unavailable...

CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

CVE-2022-41232

A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...

UBUNTU-CVE-2025-37792

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtlinitialize function checks that rtlloadfile either had an error or it loaded a zero length file. However, if it loaded a zero length file then the error code is not se...

GHSA-M2JW-CJ8V-937R copyparty renders unsanitized filenames as HTML when user uploads empty files

Summary A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the...