EUVD-2016-10902

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

CVE-2016-20089

The CVE-2016-20089 entry concerns Iperius Remote 1.7.0, where an unquoted service path vulnerability enables local users to execute arbitrary code with SYSTEM privileges by placing a malicious executable in the service path. The issue is triggered when the software is installed in directories tha...

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

EUVD-2016-10900

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

CVE-2016-20087 Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that enables local privilege escalation by exploiting the service binary path. An attacker can place a malicious executable in the system root, which will run with SYSTEM privileges during service startup or system reboot. Aff...

Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-38031

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-si...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virtualization mode when SMM state is toggled The nested virtualization mode is forcibly exited if the user space toggles the SMM state using KVMSETVCPUEVENTS or KVMSYNCX86EVENTS. If the user space...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: 9p: fixed a refcount leak in error handling of p9readwork. - p9reqput must be called when m-rreq-rc.sdata is NULL to avoid a temporary refcount leak. Dominique: made changes to the commit message, fixed arguments for...

Astra Linux – Vulnerability in Zabbix

Users who do not have permission for any host can access and view the number of hosts along with other statistics through the System Information Widget in the Global View Dashboard...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not erase the value of ret in btrfsvalidatesuper. Commit 2a9bb78cfd36 “btrfs: validate the system chunk array in btrfsvalidatesuper” introduces a call to validatesyschunkarray in btrfsvalidatesuper, which erases the val...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock issue with buffermutex and mmaplock syzbot detected a potential deadlock between the PCM’s runtime-buffermutex and the mm-mmaplock. This issue arose due to the recent fix related to racy...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid potential panic during recovery. During recovery, if FAULTBLOCK is enabled, it is possible that f2fsreservenewblock will return -ENOSPC during recovery, which may trigger a panic. Additionally, if the faul...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cifs: A use-after-free bug has been fixed in refreshcacheworker. The UAF bug occurred because we were putting DFS root sessions into cifsumount while the DFS cache refresher was executing. We have ensured that DFS root session...

Astra Linux – Vulnerability in Chromium

Insufficient data validation in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: The abort logic in btrfsreplacefileextents has been fixed. Error injection testing uncovered a case where a corrupt file system could occur, with an missing extent in the middle of a file. This occurs because the if...

Astra Linux – Vulnerability in Keepalived

In Keepalived versions up to 2.2.4, the D-Bus mechanism does not sufficiently restrict the destination of messages, allowing any user to inspect and manipulate any property. This leads to bypasses of access controls in some situations, where a unrelated D-Bus system service has a settable writabl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fixed an infinite loop in attrloadrunsrange when there are inconsistencies in metadata. We have identified a bug in the ntfs3 file system where a malformed NTFS image can cause an infinite loop. This occurs when an...

Astra Linux – Vulnerability in OpenSSH

A vulnerability was discovered in OpenSSH when the VerifyHostKeyDNS option is enabled. A man-in-the-middle attack can be carried out by a malicious machine pretending to be a legitimate server. This issue arises due to the way OpenSSH handles error codes under certain conditions during the...