24 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/9p: Only the RWX permissions are translated for the plain 9P2000. Garbage data is allowed to pass through the perm bits of the plain 9P2000, allowing it to set, among other things, the suid bit. This probably wasn’t the intend...
CVE-2026-43215 cifs: Fix locking usage for tcon fields
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifstcpseslock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srvlock, seslock and tclock to protect fields within the...
UBUNTU-CVE-2026-6870
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
CVE-2026-6870
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011107 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a smb3: add smb3.1....
USN-8033-7: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53173)
NFSv4.0: When two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfsreleaseseqid in nfs4opendatafree can result in a use-after- free of the pointer to the defunct rpc task of the other thread. This plugin only works with Tenable.ot...
EUVD-2019-5660
Malware in sbrugna...
CVE-2023-53377 cifs: prevent use-after-free by freeing the cfile later
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2compoundop we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during stress testing with KASAN enabled kernel. Fixin...
The vulnerability of the System-to-Intermediate System Protocol Handler component in Cisco IOS XR allows a attacker to trigger a Denial-of-Service Attack (DoS).
The vulnerability of the System-to-Intermediate System Protocol Handler component in Cisco IOS XR software is related to insufficient validation of input packets of the IS-IS protocol. Exploiting this vulnerability can allow a malicious actor to trigger a Denial-of-Service attack...
Cisco IOS XR 安全漏洞
Cisco IOS XR is a set of operating systems developed by the U.S.-based Cisco for its network devices. A security vulnerability exists in Cisco IOS XR that stems from insufficient input validation of ingress IS-IS packets...
CVE-2023-1193
A use-after-free flaw was found in setupasyncwork in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work...
SUSE CVE-2003-0432
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the 1 BGP, 2 WTP, 3 DNS, 4 802.11, 5 ISAKMP, 6 WSP, 7 CLNP, 8 ISIS, and 9 RMI dissectors...
SUSE CVE-2014-6425
The 1 getquotedstring and 2 getunquotedstring functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service buffer over-read and application crash via a CUPS packet that lacks a trailing '\0' character...
The vulnerability of services for the NFS ONCRPC XDR driver on Windows operating systems allows a intruder to gain unauthorized access to protected information.
The vulnerability of services for the NFS ONCRPC XDR driver on Windows operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
samba bug fix and enhancement update
An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Samba is an open-source implementation of the Server Message Block SMB protocol...
Huawei P30 缓冲区错误漏洞
Huawei P30 is a smartphone from Chinese company Huawei Huawei. Huawei P30 suffers from a memory write out-of-bounds vulnerability. The vulnerability is due to insufficient validation of incoming parameters, a write out-of-bounds occurs in one of the system's protocols when processing a request...
The vulnerability of the implementation of the ISN generator in the protocols used by uC/OS and uC/TCP-IP allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ISN generator implementation in the uC/OS and uC/TCP-IP protocols is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR allows a attacker to cause a service failure.
The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR is related to errors in handling SNMP requests. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2019-14473
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...