25 matches found
ROOT-OS-DEBIAN-11-CVE-2026-23446 CVE-2026-23446 in rootio-linux - Patched by Root
Root has patched CVE-2026-23446 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-23446 CVE-2026-23446 in rootio-linux - Patched by Root
Root has patched CVE-2026-23446 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
CVE-2026-23446
creationtimestamp| type| source ---|---|--- 2026-05-05 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260506 2026-05-31 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/suse-linux-kernel-multiple-vulnerabilities20260601...
CVE-2026-23446
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpmresume" This is caused by aqc111suspend calling the PM variant of its writecmd routine. The simplified call trace looks like this:...
CVE-2026-23446
CVE-2026-23446 affects the Linux kernel aqc111 USB driver. The vulnerability arises when aqc111_suspend uses the PM variant of write_cmd during suspend, causing pm_runtime_resume_and_get to propagate a suspend wait into rpm_resume on the parent, which can block and hang the network stack. The doc...
CVE-2025-23446
Cross-Site Request Forgery CSRF vulnerability in KokoenDE WP SpaceContent wp-spacecontent allows Stored XSS.This issue affects WP SpaceContent: from n/a through = 0.4.5...
CVE-2025-23446
Cross-Site Request Forgery CSRF vulnerability in KokoenDE WP SpaceContent wp-spacecontent allows Stored XSS.This issue affects WP SpaceContent: from n/a through = 0.4.5...
CVE-2025-23446 WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in KokoenDE WP SpaceContent wp-spacecontent allows Stored XSS.This issue affects WP SpaceContent: from n/a through = 0.4.5...
SUSE CVE-2024-23446
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API may obtain unauthorized access to documents if...
CVE-2024-23446
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API may obtain unauthorized access to documents if...
CVE-2024-23446
CVE-2024-23446 pertains to Kibana’s Detection Engine Search API failing to enforce Document-level security (DLS) and Field-level security (FLS) on .alerts-security.alerts-{space_id} indices. The issue allows users with API access and DLS/FLS-enabled roles to potentially read unauthorized document...
CVE-2024-23446 Kibana Broken Access Control issue
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API may obtain unauthorized access to documents if...
Kibana 8.12.1 Security Update (ESA-2024-01)
Kibana Broken Access Control issue ESA-2024-01 An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API...
CVE-2023-23446
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface...
CVE-2023-23446
The CVE-2023-23446 issue affects SICK FTMg AIR FLOW SENSOR versions/partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526, caused by improper access control. An unprivileged remote attacker can download files via the REST interface, exposing confidentiality (CVSS3.1: HIGH, AV:...
CVE-2022-23446
creationtimestamp| type| source ---|---|--- 2022-04-06 12:30:07+00:00| seen| https://t.me/cibsecurity/40224...
CVE-2022-23446
A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission...
CVE-2022-23446
A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission...
CVE-2022-23446
A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission...
CVE-2022-23446
CVE-2022-23446 affects Fortinet FortiEDR v5.0.3 and earlier. Root-cause: improper control of a resource through its lifetime leading to denial of service by changing root directory access permissions. Affected component is FortiEDR; impact is application unresponsiveness (availability). No remedi...