61 matches found
DEBIAN-CVE-2026-10233
A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to...
CVE-2026-4387
StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...
StrongDM 安全漏洞
StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drbd: fixed a null pointer dereferencing issue during local read operations In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler...
CVE-2025-48520
An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash...
Tunnelblick 安全漏洞
Tunnelblick is a graphical user interface tool for the OpenVPN client developed by Tunnelblick. There are security vulnerabilities in versions 3.3beta26 to 9.0beta01 of Tunnelblick. These vulnerabilities stem from a symbolic link follow-up vulnerability in tunnelblick-helper, which may allow any...
drbd: fix null-pointer dereference on local read error
...
EUVD-2026-15211
In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...
CVE-2026-23285
In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...
UBUNTU-CVE-2026-23285
In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...
CVE-2026-23285
In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...
CVE-2026-23285 drbd: fix null-pointer dereference on local read error
In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...
CVE-2026-23285 drbd: fix null-pointer dereference on local read error
In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...
CVE-2026-23285
CVE-2026-23285 is a Linux kernel vulnerability fixed in the DRBD path: in drbd_request_endio(), READ_COMPLETED_WITH_ERROR can pass a NULL peer_device to __req_mod(), leading to a null pointer dereference inside drbd_set_out_of_sync(). The mitigation described in the advisory is to obtain the peer...
CVE-2026-23285
In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...
Linux Distros Unpatched Vulnerability : CVE-2026-23285
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what,...
GHSA-4JW9-5HRC-M4J6 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`
Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...
CVE-2026-3606
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function adddatasegment of the file src/ettercap/utils/etterfilter/efoutput.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...
CVE-2026-2858
A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wrencompiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...
CVE-2025-58423
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...