255 matches found
CVE-2025-69689
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...
Unbreakable Enterprise kernel security update
6.12.0-203.76.7.1 - smb: client: reject userspace cifs.spnego descriptions Asim Viladi Oglu Manizada Orabug: 39474418 6.12.0-203.76.7 - tun: free page on buildskb failure in tunxdpone Weiming Shi Orabug: 39456024 - tap: free page on error paths in tapgetuserxdp Weiming Shi Orabug: 39456024 - tun:...
CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: axi-fan-control Fixed a possible NULL pointer dereferencing issue. axifancontrolirqhandler, which depends on the private axifancontroldata structure, might be called before the hwmon device is registered. This could lead t...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: hwmon: gpiofan Fix for out-of-bounds access to arrays The driver does not check whether the cooling state passed to gpiofansetcurstate exceeds the maximum cooling state stored in fandata-numspeeds. Since the cooling state is late...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: mlxreg-fan Returns a non-zero value when the fan’s current state is enforced from sysfs. The minimum fan speed can be enforced from sysfs. For example, setting the current fan speed to 20 is used to force the fan speed to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: ftsteutates Fixed the TOCTOU race condition in ftsread In the ftsread function, when handling hwmonpwmautochannelstemp, the code accesses the shared variable data-fansourcechannel twice without holding any locks. First, it...
CVE-2026-8273
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...
PT-2026-39572
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi set host/cgi set ntp/cgi fan control/cgi merge user of the file /cgi-bin/system mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...
hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin
...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83791d Convert macros to functions to avoid Time-of-Check to Time-of-Use race conditions. The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: Thermal: Fix for out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: bash cat /sys/class/thermal/thermalzone2/cdev0/type mlxswfan cat...
CVE-2025-69689
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...
Fan Control 安全漏洞
Fan Control is a cooling fan control software developed by Rémi Mercier. The Fan Control V251 version contains a security vulnerability, which stems from improper handling of Open File Dialog permissions. This vulnerability could allow local attackers to execute operations with administrator...
EUVD-2025-209578
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...
CVE-2025-69689
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...
CVE-2025-69689
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...
PT-2026-35491
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...
CVE-2025-69689
The CVE-2025-69689 entry concerns the Fan Control application (v251) with an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, enabling a local attacker to perform actions with administrator-level privileges. CVS...
CVE-2025-69689
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...