21 matches found
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete(). The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer...
Path Traversal
LiquidJS is vulnerable to Path Traversal. The vulnerability is due to the top-level file loads not enforcing the boundary set by the configured root, where a Liquid instance configured with an empty temporary directory as root can return the contents of arbitrary files and attackers can exploit...
CVE-2026-39859
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...
Linux Kernel Security Vulnerabilities
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of dereferencing an empty root directory during the recycling of tracked Inodes,...
CVE-2026-24054
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
EUVD-2013-2049
Malware in sbrugna...
CVE-2025-57295
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access ca...
PT-2025-38476
Name of the Vulnerable Software and Affected Versions: H3C devices versions NX15V100R015 Description: H3C devices are susceptible to unauthorized access due to insecure default credentials. The root user account lacks a password, and the H3C user account utilizes the default password “admin”, both...
CVE-2025-9276
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw...
CVE-2025-9276
CVE-2025-9276 affects Cockroach Labs “cockroach-k8s-request-cert” container image. The flaw is in the system shadow file configuration, with a blank root password, enabling an authentication bypass over the network. Documented impact is high (authentication bypass; potential full access) and CVSS...
CVE-2025-9276 Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw...
Cockroach Labs cockroach-k8s-request-cert Security Vulnerability
Cockroach Labs cockroach-k8s-request-cert is a container image from Cockroach Labs, Inc. A security vulnerability exists in Cockroach Labs cockroach-k8s-request-cert, which stems from an empty root password setting and could lead to authentication bypass...
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability
This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw exists within the configuration of the system shadow file. The issue results from a blank password...
PT-2025-34183
Name of the Vulnerable Software and Affected Versions: Cockroach Labs cockroach-k8s-request-cert affected versions not specified Description: The cockroach-k8s-request-cert component is susceptible to an authentication bypass due to an empty root password. This allows unauthorized access...
AZL-50685 CVE-2024-47757 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete(). The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer...
DEBIAN-CVE-2022-41720
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the...
Docker Image Appbase Streams Access Control Error Vulnerability
Docker is an open source application container engine from the American company Docker. The product supports creating a container (lightweight virtual machine) and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...