Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed NULL access in the assignchannelcontexthandler function. Currently, when the ath12kmacassignviftovdev function fails, the radio handle is accessed from the link VIF handle arvif for debugging purposes. Thi...

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

PT-2026-37228

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description Several ProcessServer handlers, specifically KillAllHandler, SuspendAllHandler, and RunSandboxedHandler, copy a boxname field from request structures into stack buffers using wcscpy without...

CVE-2025-64699

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...

CVE-2025-64699

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...

PT-2025-54386

Name of the Vulnerable Software and Affected Versions SevenCs ORCA G2 version 2.0.1.35 EC2007 Kernel v5.22 Description An issue exists where a Security Descriptor with no explicitly configured DACL is applied to a device object by the regService process, which operates with SYSTEM privileges. Thi...

CVE-2025-12683

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

CVE-2025-12683

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

PT-2025-44963

Name of the Vulnerable Software and Affected Versions Everything affected versions not specified Description The service used by Everything, running with SYSTEM privileges, communicates with the Everything GUI using a named pipe. This named pipe has a NULL Discretionary Access Control List DACL,...

Everything 安全漏洞

Everything is a file search software from Everything open source. A security vulnerability exists in Everything that stems from a named pipe having a NULL DACL, which could lead to a denial-of-service attack or elevation of privilege by a local, low-privileged user...

EUVD-2025-20954

Malicious code in bioql PyPI...

EUVD-2024-30452

Malicious code in bioql PyPI...

CVE-2025-38294

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler Currently, when ath12kmacassignviftovdev fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging, This is incorrect. In the fail...

CVE-2025-38294 wifi: ath12k: fix NULL access in assign channel context handler

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler Currently, when ath12kmacassignviftovdev fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging, This is incorrect. In the fail...

CVE-2025-38294

The CVE-2025-38294 entry concerns the Linux kernel wifi driver ath12k. The vulnerability arises when ath12k_mac_assign_vif_to_vdev() fails, causing a NULL radio handle (ar) to be dereferenced during debug logging via arvif, which is invalid in fail scenarios where the radio handle is NULL. The fi...

CVE-2025-38294 wifi: ath12k: fix NULL access in assign channel context handler

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler Currently, when ath12kmacassignviftovdev fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging, This is incorrect. In the fail...

CVE-2022-21546

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITESAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sgwritesame --ndob" we...