1307 matches found
CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
UBUNTU-CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
EUVD-2026-32044
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
PT-2026-43487
Name of the Vulnerable Software and Affected Versions IO::Compress versions 2.207 through 2.219 Description The bundled zipdetails CLI tool crashes when processing an Info-ZIP Unix Extra Field tag 0x7875 where the UID Size or GID Size is set to 8. This occurs because the decode ux function trigge...
IO-Compress 安全漏洞
IO-Compress is a Perl library developed by Paul Marquess, which supports various compression formats. Versions of IO-Compress from 2.207 to 2.220 had security vulnerabilities. These vulnerabilities occurred due to the zipdetails CLI tool crashing when processing Info-ZIP Unix Extra Fields. This...
Linux Distros Unpatched Vulnerability : CVE-2026-48961
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-by...
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
The Qualys Threat Research Unit TRU has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In statmountstring, most flags assign an output offset pointer offp, which is later updated with the string offset. However, in the cases of STATMOUNTMNTUIDMAP and STATMOUNTMNTGIDMAP, the struct fields are directly set instead of...
EUVD-2026-30804
SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...
SOGo SQL注入漏洞
SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Version 5.12.7 of SOGo contains a SQL injection...
CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
net-imap vulnerable to command Injection via "raw" arguments to multiple commands
Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
🚨 CVE-2026-31431: Copy Fail Un fallo crítico de 9 años en...
CLSA-2026-1777378650 Fix CVE(s): CVE-2023-26604
SECURITY UPDATE: systemctl may pass arbitrary shell commands from a pager like more1 that does not honor LESSSECURE, allowing privilege escalation under sudo. - debian/patches/CVE-2023-26604.patch: set LESSSECURE=1 when invoking a pager, rename to SYSTEMDPAGERSECURE, gate insecure pagers behind...
EUVD-2026-25515
In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digitalinrecvsddres appends 3 or 4 bytes to target-nfcid1 on each round, but the number of cascade rounds is controlled...
CVE-2026-31622
Summary (CVE-2026-31622): In the Linux kernel NFC digital subsystem, the NFC‑A cascade depth handling in digital_in_recv_sdd_res() could allow a malicious peer to keep sending cascade responses, causing writes past the allocated nfc_target buffer (heap overflow) by exceeding the cascade depth. Th...
PT-2026-34974
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the NFC-A anti-collision cascade within the digital in recv sdd res function. The process appends 3 or 4 bytes to target-nfcid1 during each round, but the number of roun...