478 matches found
Razer Sila Gaming Router - Remote Code Execution
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2022-29013 info: name: Razer Sila Gaming Router - Remote Code Execution author: DhiyaneshDK severity: critical descriptio...
Linux Distros Unpatched Vulnerability : CVE-2026-4360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...
CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
UBUNTU-CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-58054
MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fixed the issue of leaking the multicast GID table reference. If the CM ID is destroyed while the CM event for multicast creation is still queued, the cancelworksync function will prevent the work from running. This also...
Amazon Linux 2023 : perl-IO-Compress, perl-IO-Compress-tests (ALAS2023-2026-1825)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1825 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19...
FreeBSD -- Flaw in Linuxulator execution of setugid binaries
Problem Description: The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...
CVE-2026-48961
A flaw was found in the zipdetails command-line interface CLI tool, bundled with IO::Compress for Perl. When processing a specially crafted Info-ZIP Unix Extra Field with an 8-byte User ID UID or Group ID GID, the zipdetails tool attempts to call an undefined subroutine. This can lead to the tool...
SUSE CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
UBUNTU-CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
EUVD-2026-32044
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
PT-2026-43487
Name of the Vulnerable Software and Affected Versions IO::Compress versions 2.207 through 2.219 Description The bundled zipdetails CLI tool crashes when processing an Info-ZIP Unix Extra Field tag 0x7875 where the UID Size or GID Size is set to 8. This occurs because the decode ux function trigge...
IO-Compress 安全漏洞
IO-Compress is a Perl library developed by Paul Marquess, which supports various compression formats. Versions of IO-Compress from 2.207 to 2.220 had security vulnerabilities. These vulnerabilities occurred due to the zipdetails CLI tool crashing when processing Info-ZIP Unix Extra Fields. This...
Linux Distros Unpatched Vulnerability : CVE-2026-48961
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cma: Fixed a kmemleak in rdmacore that was observed during the blktests nvme/rdma tests with siw. When running the blktests nvme/rdma tests, the following kmemleak issue will appear: - kmemleak: The kernel memory leak...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In statmountstring, most flags assign an output offset pointer offp, which is later updated with the string offset. However, in the cases of STATMOUNTMNTUIDMAP and STATMOUNTMNTGIDMAP, the struct fields are directly set instead of...