Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check for empty objs in the virtio_gpu_array_put_free function...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not forcing a single empty string when argv is null in execve...
Navidrome allows an authentication bypass in Subsonic API with non-existent username
Summary: In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error. Details: A flaw...
PT-2025-7809 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: copyparty versions prior to 1.16.15. Description: The issue is a DOM-based cross-site scripting vulnerability. It can be triggered by handing someone a maliciously-named file and then tricking them into dragging the file into copyparty's Web-U...
CVE-2025-27112
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
UBUNTU-CVE-2024-3220
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations is writable, meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...
CVE-2024-52968
An improper authentication vulnerability in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows an attacker to gain improper access to macOS via an empty password...
CVE-2024-36743
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot...
CVE-2024-36732
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot...
CLSA-2025-1739388106 libevent: Fix of 3 CVEs
- CVE-2016-10195: fix an out-of-bounds stack read in the name_parse function - CVE-2016-10196: fix a stack-based buffer overflow in the evutil_parse_sockaddr_port function - CVE-2016-10197: fix DoS via an empty hostname in the search_make_new function...
CVE-2024-52968
Summary of CVE-2024-52968 (Fortinet FortiClientMac): Fortinet FortiClientMac versions 7.0.11 through 7.2.4 suffer from an improper authentication vulnerability that allows an attacker to gain improper (unauthorized) access to macOS via an empty password. This is a local impact with high confiden...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fixed the null pointer dereferencing in mas_empty_area_rev. Currently, the code calls mas_start followed by mas_data_end if the maple state is MA_START. However, mas_start might return with the maple state being NULL. This coul...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: batman-adv: Bypass of empty buckets in batadv_purge_orig_ref. Many syzbot reports point to soft lockups in batadv_purge_orig_ref [1]. The root cause is unknown, but we can avoid spending too much time on this issue and potentially obtai...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42224)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42224 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for...
coolLabs Coolify Cross-Site Scripting Vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a cross-site scripting vulnerability that stems from allowing a user to search for tags on a tabbed page, and if the search does not return any results, the query is reflected in an error...
CVE-2022-26117
An empty password in configuration file vulnerability (CWE-258) in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...