172 matches found
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed the issue where preallocated blocks were truncated in f2fsfileopen. Chenyuwen has reported the following f2fs bugs: Unable to handle a NULL pointer dereferencing at the virtual address 0000000000000011...
PT-2026-24616
domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write...
CVE-2026-28689
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
CVE-2026-21326
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21336
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...
CVE-2020-37140
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigge...
CVE-2020-37140
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigge...
PT-2026-6583
Name of the Vulnerable Software and Affected Versions AIDA64 version 5.50.2100 Description AIDA64 version 5.50.2100 contains a denial of service issue that allows local attackers to crash the application by manipulating file open functionality. An attacker can create a 450-byte buffer of repeated...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which can lead to a deadlock when returning authorization during the open process...
CVE-2020-37066
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066 GoldWave 5.70 – Buffer Overflow (SEH Unicode)
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066 GoldWave 5.70 – Buffer Overflow (SEH Unicode)
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
CVE-2020-37066
GoldWave 5.70 contains a buffer overflow in the File Open URL dialog, triggered by crafted Unicode text input that leads to a stack-based overflow and arbitrary code execution when the file is opened. The vulnerability affects the dialog’s handling of input in the URL/open file workflow and is de...
PT-2026-5817
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute command...
Azure Linux 3.0 Security Update: kernel (CVE-2024-43859)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43859 advisory. - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate preallocated block...
CVE-2025-15132
A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...
EUVD-2025-205504
A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...