Poly Video - Sensitive Data Might Be Written to Log File

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center TAC to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

CVE-2025-41747

An XSS vulnerability in pxcvlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to...

powerpc/eeh: avoid possible crash when edev->pdev changes

...

kernel: dm: fix a race condition in retrieve_deps

A use-after-free flaw was found in the Linux kernel's device-mapper multipath implementation. A race condition exists between retrievedeps and multipathmessage when devices are added or removed. The retrievedeps function walks the device list without holding a lock while multipathmessage can modi...

Horner Automation Remote Compact Controller 安全漏洞

The Horner Automation Remote Compact Controller Horner Automation RCC is a compact controller from Horner Automation, USA. A security vulnerability exists in Horner Automation Remote Compact Controller 972 firmware version 15.40, which originates from the presence of a static encryption key on th...

Mozilla: Use-after-free in cubeb during stream destruction

The Mozilla Foundation Security Advisory describes this flaw as: When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash...

Mozilla: Use-after-free in cubeb during stream destruction

The Mozilla Foundation Security Advisory describes this flaw as: When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash...

CVE-2019-9529

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device...

CVE-2017-14317

A domain cleanup issue was discovered in the C xenstore daemon aka cxenstored in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it including domain...

CVE-2017-14317

A domain cleanup issue was discovered in the C xenstore daemon aka cxenstored in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it including domain...