427 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rvcv: fixed an oops caused by the irqsoff latency tracer. The tracehardirqson,off functions require the caller to properly set up the frame pointer. This is because these two functions use the macro CALLERADDR1 also known as...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a use-after-free in printgraphfunctionflags during tracer switching. Kairui reported a UAF issue in printgraphfunctionflags during ftrace stress testing 1. This issue can be reproduced by putting a ‘mdelay10’ after...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fwtracer, Validate format string parameters We have added validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes caused by malformed format strings...
LangChain Core 1.3.2 / 0.3.84 Tracer Deserialization / Credential Disclosure
LangChain Core has a tracer deserialization vulnerability that could allow unauthenticated remote credential exfiltration in affected deployments. Versions 1.3.2 and 0.3.84 are affected...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable the functiongraph tracer when setting the funcgraph-args option. When setting the funcgraph-args option, if the functiongraph tracer is disabled, it incorrectly enables itself. Moreover, it unregisters itsel...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: The handling of setting the fpc register was corrected. If the value of the floating-point control fpc register of a traced process is modified using the ptrace interface, the new value is tested for validity by...
CVE-2026-33566
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...
CVE-2026-33566
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...
LogonTracer 操作系统命令注入漏洞
LogonTracer is a visual system log analysis tool developed by the Japanese JPCERT organization. This product can detect malicious login attempts by analyzing Windows Active Directory event logs. Versions of LogonTracer prior to 2.0.0 contained a vulnerability related to operating system command...
Multiple vulnerabilities in LogonTracer
Overview LogonTracer provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection CWE-78 -...
Exploit for OS Command Injection in Fortinet Fortisandbox
FortiSandbox RCE Scanner — CVE-2026-39808...
Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of Hard-Coded, Security-Relevant Constants (CVE-2026-28256)
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...
Trane Tracer SC, Tracer SC+, and Tracer Concierge Memory Allocation with Excessive Size Value (CVE-2026-28253)
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Trane Tracer SC, Tracer SC+, and Tracer Concierge Missing Authorization (CVE-2026-28254)
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of Hard-Coded Credentials (CVE-2026-28255)
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...
Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-28252)
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. This plugin only works with Tenable.ot. Please visit...
CVE-2026-28254
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs...
CVE-2026-28256
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts...
CVE-2026-28252
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device...
CVE-2026-28255
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts...