14 matches found
luksmeta: Data corruption when handling LUKS1 partitions with luksmeta
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
EUVD-2026-30600
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...
CVE-2025-55046
MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...
luksmeta: Data corruption when handling LUKS1 partitions with luksmeta
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
Unity Linux 20.1070e Security Update: luksmeta (UTSA-2025-991100)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991100 advisory. A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissio...
OESA-2025-2688 luksmeta security update
LUKSMeta is a simple library for storing metadata in the LUKSv1 header. Some projects need to store additional metadata about a LUKS volume that is accessable before unlocking it. Fortunately, there is a gap in the LUKS header between the end of the slot area and the payload offset, LUKSMeta uses...
CVE-2025-11568
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
AZL-72866 CVE-2025-11568 affecting package luksmeta 9-8
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
UBUNTU-CVE-2025-11568
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
CVE-2025-11568 Luksmeta: data corruption when handling luks1 partitions with luksmeta
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
CVE-2025-11568
CVE-2025-11568 affects the luksmeta utility when used with the LUKS1 partition format. The vulnerability allows a user with necessary permissions to write excessive metadata, and due to improper validation of available space, this metadata can overwrite and corrupt the encrypted data, potentially...
CVE-2025-11568
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
PT-2025-42393
Name of the Vulnerable Software and Affected Versions luksmeta affected versions not specified Description A data corruption issue exists in the luksmeta utility when operating with the LUKS1 disk encryption format. An attacker possessing appropriate permissions can trigger this flaw by writing a...
PT-2025-12064 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions prior to 1.5.9 Description: The issue concerns a lack of proper access control in the /v1/evaluators/ endpoint, allowing low-privilege users to delete evaluator data by sending a DELETE request. This can cause...