Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: vsock: Fixed the transport TOCTOU issue. The transport assignment may race with module unloading. This issue is addressed by protecting newtransport from becoming a stale pointer. This also includes fixing an insecure call in...

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

UBUNTU-CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

PT-2025-30875

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a time-of-check-to-time-of-use TOCTOU vulnerability in the vsock transport mechanism. A race condition can occur between transport assignment and module...

CVSWeb Developer CVSWeb 1.80 insecure perl "open" Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1469/info Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine. The code that is being...

Debian DSA-2537-1 : typo3-src - several vulnerabilities

Several vulnerabilities were discovered in TYPO3, a content management system. - CVE-2012-3527 An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users. - CVE-2012-3528 The TYPO3 backend contains several cross-site scripting vulnerabilities. -...

IBiz E-Banking Integrator ActiveX控件WriteOFXDataFile()不安全调用漏洞

BUGTRAQ ID: 28700 IBiz E-Banking Integrator是用于从银行、投资公司等帐号访问财务交易信息的解决方案。 IBiz E-Banking Integrator所提供的IBizEBank.FIProfile.1 ActiveX控件（fiprofile20.ocx）没有正确地处理对WriteOFXDataFile方式的调用，如果用户受骗访问了恶意网页的话，就可能导致以当前登录用户的权限覆盖和破坏系统上的任意文件。 /n software IBiz E-Banking Integrator 2.0 /n software -----------...

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...