Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check the return value of indxfind to avoid infinite loops We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...

CVE-2025-71266

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...

CVE-2025-71266 fs: ntfs3: check return value of indx_find to avoid infinite loop

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...

CVE-2025-71266 fs: ntfs3: check return value of indx_find to avoid infinite loop

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...

MAL-2025-20730 Malicious code in fnd-ridgian (npm)

The package fnd-ridgian was found to contain malicious code...

Malicious code in fnd-ridgian (npm)

The package fnd-ridgian was found to contain malicious code...

Malicious code in fnd-validation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2bd94b1bacafc118701343fd0538943fa1b8d0f44cb6e2418ff9feb47ab171e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cisco IoT Field Network Director DoS (cisco-sa-http2-reset-d8Kf32vZ)

The version of Cisco IoT Field Network Director IoT-FND, formerly Connected Grid Network Management System, installed on the remote host is prior to 4.11.0. It is, therefore, affected by a denial of service DoS vulnerability, due to a HTTP/2 protocol-level weakness. The HTTP/2 protocol allows a...

Cisco IoT Field Network Director Unauthenticated REST API (cisco-sa-FND-BCK-GHkPNZ5F)

A Rest API vulnerability exists in Cisco IoT Field Network Director IoT-FND due to IoT-FND not properly authenticating REST API calls. An unauthenticated, remote attacker can exploit this, by obtaining a cross-site request forgery CSRF token and then using the token with REST API requests, to...

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

Cross site request forgery (csrf)

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

CVE-2020-26080

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

CVE-2020-3392

A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...

CVE-2020-26072

A vulnerability in the SOAP API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

CVE-2020-26078

A vulnerability in the file system of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVE-2020-26079

A vulnerability in the web UI of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by...

Cross site scripting

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is...

Improper access control

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

Authorization

A vulnerability in the SOAP API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

Design/Logic Flaw

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...