Lucene search

33 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replac...

AI score: 5.6 | EPSS: 0.00021
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/13 7:24 p.m. | 2 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for edit_posts capability...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 1

OSV
added 2026/03/31 11:44 p.m. | 3 views

GHSA-X8JC-JVQM-PM3F File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

Summary: The signupHandler in File Browser applies default user permissions via d.settings.Defaults.Apply(user), then strips only Admin (commit a63573b). The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side...

CVSS: 8.1 | AI score: 6.3 | EPSS: 0.00085
Exploits: 1 | References: 4

Snyk
added 2026/03/19 7:25 p.m. | 1 views

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection in the getAllCategories function via the doNotShowCats parameter due to insufficient sanitization, where only single quotes are stripped but...

CVSS: 9.9 | AI score: 6.7 | EPSS: 0.00049
Exploits: 1 | References: 2

Packet Storm News
added 2026/02/05 12:0 a.m. | 2 views

Identifying Adversary Tactics and Techniques in Malware Binaries with an LLM Agent

Understanding TTPs (Tactics, Techniques, and Procedures) in malware binaries is essential for security analysis and threat intelligence, yet remains challenging in practice. Real-world malware binaries are typically stripped of symbols, contain large numbers of functions, and distribute malicious...

AI score: 5.4
Exploits: 0

NVD
added 2025/12/30 1:15 p.m. | 1 views

CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replac...

EPSS: 0.00021
Exploits: 0 | References: 4

UbuntuCve
added 2025/12/30 1:15 p.m. | 1 views

CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replac...

AI score: 5.9 | EPSS: 0.00021
Exploits: 0 | References: 6

Cvelist
added 2025/12/30 12:8 p.m. | 22 views

CVE-2022-50817 net: hsr: avoid possible NULL deref in skb_clone()

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replac...

EPSS: 0.00021
Exploits: 0 | References: 4

CVE
added 2025/12/30 12:8 p.m. | 4 views

CVE-2022-50817

CVE-2022-50817: Linux kernel vulnerability in the HSR path where a NULL pointer dereference could occur in skb_clone(), triggered by a bug in hsr_get_untagged_frame(). The issue arises when create_stripped_skb_hsr() returns NULL and skb_clone() is still invoked. Documents consistently describe the...

AI score: 6 | EPSS: 0.00021
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/11/12 9:45 p.m. | 2 views

Malicious code in @akunsansan0/biru38 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbf8db8917918d0a3bcef7943fefa20905495de9100964af08f1ceef9a0e1268 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 6:0 p.m. | 2 views

Malicious code in masoodkashif (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ded60cfbd213b919dc7d7f1a49b2e4580ba95ab161cb3a7444aa060de5d9f529 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:47 p.m. | 2 views

Malicious code in hariyono-poke112 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25303934a10b7a6302c8adf799c7244df48ae152b1bfe8499cb5ca783fe587b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

OSV
added 2025/11/12 4:29 a.m. | 1 views

MAL-2025-140644 Malicious code in chalk-jest-nestjs-node-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab344fb3ee584eae4df856234f3fd3843fd7aa00e09dcf066ce25fce9a0fe3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

Tenable Nessus
added 2025/08/18 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2018-5392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0025
Exploits: 0 | References: 3

RedHat Linux
added 2025/07/29 8:15 a.m. | 4 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00443
Exploits: 0 | References: 6

Packet Storm News
added 2025/05/28 12:0 a.m. | 2 views

VulBinLLM: LLM-Powered Vulnerability Detection for Stripped Binaries

Recognizing vulnerabilities in stripped binary files presents a significant challenge in software security. Although some progress has been made in generating human-readable information from decompiled binary files with Large Language Models (LLMs), effectively and scalably detecting vulnerabilitie...

AI score: 7.1
Exploits: 0

SUSE CVE
added 2023/02/15 3:54 a.m. | 2 views

SUSE CVE-2020-24369

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference...

CVSS: 5.1 | AI score: 6.7 | EPSS: 0.00573
Exploits: 1 | References: 3

NVD
added 2022/09/13 3:15 p.m. | 9 views

CVE-2022-38453

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...

CVSS: 4.4 | EPSS: 0.00033
Exploits: 0 | References: 1

Cvelist
added 2022/09/13 2:55 p.m. | 9 views

CVE-2022-38453 Contec Health CMS8000

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...

CVSS: 3 | AI score: 5.2 | EPSS: 0.00033
Exploits: 0 | References: 1

GithubExploit
added 2022/04/13 9:5 a.m. | 9498 views

Exploit for Uncontrolled Recursion in Golang Go

CVE-2022-24675 tools Usage instructions cve202...

CVSS: 7.5 | AI score: 10 | EPSS: 0.00179
Exploits: 1