Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...

kernel: NFS: Fix a race when updating an existing write

A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

kernel: NFS: Fix a race when updating an existing write

A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

kernel: NFS: Fix a race when updating an existing write

A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

NFS: Fix a race when updating an existing write

...

AZL-66926 CVE-2025-39697 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...

UBUNTU-CVE-2025-39697

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...

CVE-2025-39697 NFS: Fix a race when updating an existing write

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...

CVE-2025-39697

CVE-2025-39697 affects the Linux kernel’s NFS write path. The vulnerability arises from a race where, after nfs_lock_and_join_requests() tests if a request remains attached to the mapping, a call to nfs_inode_remove_request() can still succeed before the page group is locked. The root cause is th...

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

Exploit for: GravCMS 1.10.7 - Arbitrary YAML Write/...

PT-2024-18781 · Samsung · Galaxy Store

Name of the Vulnerable Software and Affected Versions: Galaxy Store versions prior to 4.5.71.8 Description: The issue is related to improper verification of intent by a broadcast receiver in Galaxy Store, allowing local attackers to write arbitrary files with the privilege of Galaxy Store...

Grav CMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) Exploit (2)

Exploit Title: GravCMS 1.10.7 - Arbitrary YAML Write/Update Unauthenticated 2 Original Exploit Author: Mehmet Ince Vendor Homepage: https://getgrav.org Version: 1.10.7 Tested on: Debian 10 Author: legend /usr/bin/python3 import requests import sys import re import base64 target=...

CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...

PT-2019-14693 · Yandex +1 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.14 Description: The issue concerns an out-of-bounds OOB read, OOB write, and integer underflow in decompression algorithms. This can be exploited to achieve remote code execution RCE or cause a denial of servic...

Directory traversal

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection SES:CSP 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices SES:CSP 6.5.0 before MP1, Critical System Protection SCSP before 5.2.9 MP6,...