Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix dparent walk The WARNONONCE in collectdomainaccesses can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call ...

EUVD-2026-8925

A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The...

PT-2026-22198

Name of the Vulnerable Software and Affected Versions go2ismail Asp.Net-Core-Inventory-Order-Management-System versions prior to 9.20250118 Description A flaw exists in the software that allows for improper authorization through manipulation of an unknown functionality within the /api/Security/...

kernel: tcp: drop secpath at the same time as we currently drop dst

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

kernel: tcp: drop secpath at the same time as we currently drop dst

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

net/mlx5e: Remove skb secpath if xfrm state is not found

...

tcp: drop secpath at the same time as we currently drop dst

...

SUSE CVE-2025-21864

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

CVE-2025-21864 tcp: drop secpath at the same time as we currently drop dst

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to release the secpath in a timely manner when deleting network namespaces, which could lead to...

BIT-PYTHON-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

SUSE CVE-2024-40938

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix dparent walk The WARNONONCE in collectdomainaccesses can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call ...

UBUNTU-CVE-2024-40938

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix dparent walk The WARNONONCE in collectdomainaccesses can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call ...

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

UBUNTU-CVE-2021-29262

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be...

CVE-2020-4053

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended director...

CVE-2018-18950

KindEditor through 4.1.11 has a path traversal vulnerability in php/uploadjson.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication...

OSX Network Share Mounter

This module lists saved network shares and tries to connect to them using stored credentials. This does not require root privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OSX Network...

CVE-2011-3741

Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by hostview.php and certain other files...