337 matches found
EUVD-2026-44975
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...
CVE-2026-9046
CVE-2026-9046 describes an insecure-permissions issue affecting Windows deployments of Legion Zone and Lenovo App Store (Chinese market). When installed on a non-system partition, a local user could potentially execute arbitrary code due to insufficient access controls. The vulnerability is class...
CVE-2026-9046
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...
Util-linux: util-linux: heap use-after-free in libblkid nested partition probing
...
Exploit for CVE-2026-41490
CVE-2026-41490 — SQL Injection in Dagster database I/O manager...
CVE-2026-40290
A flaw was found in OP-TEE Trusted Execution Environment. A local attacker could exploit a user-after-free UAF race condition in the shared memory teardown logic when OP-TEE is configured as a Secure Partition Management Controller SPMC for Secure EL0 S-EL0 Secure Partitions. This vulnerability...
CVE-2026-41490
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
CVE-2026-45702
A flaw was found in OP-TEE OS, a Trusted Execution Environment TEE for Arm Cortex-A cores. A type confusion vulnerability exists when OP-TEE OS processes an FFAMEMSHARE request from the normal world. This flaw can be exploited by a local attacker with high privileges when OP-TEE is configured as ...
RockyLinux 10 : luksmeta (RLSA-2026:18421)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18421 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from the...
RLSA-2026:18421 Moderate: luksmeta security update
LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The luksmeta package is a dependency of the clevis and tang packages, together providing the Network Bound Disk Encryption NBDE in Rocky Linux. Security Fixes: luksmeta: Data corruption when handling LUKS1 partitions with...
luksmeta security update
An update is available for luksmeta. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The...
RockyLinux 9 : luksmeta (RLSA-2026:18824)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18824 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from the...
OSV-2026-795 Stack-buffer-underflow in probe_dasd_pt
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514896889 Crash type: Stack-buffer-underflow READ 1 Crash state: probedasdpt idinfoprobe partitionsprobe...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: – Fixed a refcount leak in bcm4908partitionsfwoffset. The function offindnodebypath returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Add the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mtd: partitions: The refcount leak in parseredbootof has been fixed. ofgetchildbyname now returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Add the missing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mtd: core: added ofnodeget in the dynamic partitions code This fixes the issue with ofnodeput: 1.078910 6 cmdlinepart partitions found on the MTD device gpmi-nand 1.085116 Creating 6 MTD partitions on “gpmi-nand”: 1.090181...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Error handling in gicpopulateppipartitions was fixed. The function ofgetchildbyname returns a node pointer with a refcount incremented. We should use ofnodeput on it when it is no longer needed. When kcalloc fails...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: EXFAT: Overflow occurred in large-capacity partitions. When using the int type as the sector index, an overflow may occur in large-capacity partitions. For example, if the storage sector size is 512 bytes and the partition capaci...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Firmware: armffa: Fixed FFA device names for logical partitions. Each physical partition can provide multiple services, each with a unique UUID. Each such service can be represented as a logical partition with a unique combinatio...
Astra Linux – Vulnerability in Linux 5.10
A use-after-free flaw was discovered in the addpartition function in the block/partitions/core.c file within the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue arises due to the lack of code cleanup when the deviceadd function fails...