Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check the TDLS flag in the ieee80211tdlsoper function, which could result in a non-TDLS site...

PT-2025-48969

Name of the Vulnerable Software and Affected Versions Envoy versions 1.33.12 through 1.36.2 Description Envoy, a high-performance edge/middle/service proxy, experiences crashes when JWT authentication is configured with remote JWKS fetching enabled, allow missing or failed is set to true, multipl...

DEBIAN-CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

GHSA-23RX-C3G5-HV9W Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag

The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equivalent to --allow-env, and writing /proc/self/mem may provide access equivalent t...

CVE-2023-40096

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

PT-2023-27268 · Unknown · Audiorecordclient

Name of the Vulnerable Software and Affected Versions: AudioRecordClient affected versions not specified Description: The issue is related to a missing flag in the OpRecordAudioMonitor::onFirstRef function of AudioRecordClient.cpp, allowing audio recording from the background. This could lead to...

ASB-A-268724205

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-4696

A use-after-free flaw was found in the iouring subsystem of the Linux kernel. This issue occurs during the IORINGOPSPLICE operation due to a missing IOWQWORKFILES flag, leading to an invalid decrease of its reference counter and later causing the use-after-free vulnerability. This flaw allows a...

CVE-2021-27764

CVE-2021-27764 affects HCL BigFix Platform WebUI where a NUMBER cookie is set without Secure or HTTPOnly flags. The available connected documents confirm the issue is a missing HTTPOnly flag in cookies used by WebUI, leading to potential cookie exposure. No exploitation details or affected versio...

Mellow Fish YetiShare Information Disclosure Vulnerability (CNVD-2020-04700)

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. An information disclosure vulnerability exists in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program failing to set the Secure flag on session cookies, and can be exploited by an...

CVE-2019-0341

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application...