126 matches found
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605 Out-of-bounds Write in HLOS
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605 Out-of-bounds Write in HLOS
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. Qualcomm Chipsets have a buffer error vulnerability, which stems from memory corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...
CVE-2026-47273 pam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queries
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb builds XPath expressions from user-supplied identifiers PAM username, service name and device-supplied identifiers USB device serial, model, vendor to query /etc/pamusb.conf. These identifiers...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: Input: iforce – invert the valid length check when fetching device IDs. syzbot is reporting an uninitialized value at iforceinitdevice 1. The commit 6ac0aec6b0a6 “Input: iforce – allow callers to supply a data buffer when fetchin...
CVE-2026-35064
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-35064
CVE-2026-35064 concerns SenseLive X3050’s management ecosystem. The vulnerability allows unauthenticated discovery of deployed units via the vendor’s management protocol, enabling an attacker on the same network segment to identify device presence, identifiers, and management interfaces because d...
Electron 安全漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security vulnerabilities in versions ...
CVE-2026-32953
Tillitis TKey Client (Go module tkeyclient) versions
Tillitis TKey Client has an Error in Protocol Implementation
Impact Some specific 1 out of 256 User Supplied Secrets USS were not used, making the resulting Compound Device Identifier CDI the same as if no USS was provided. Affected client applications: all client apps using the tkeyclient Go module. Patches Upgrade to v1.3.0. NOTE WELL: For the affected e...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
EUVD-2026-10039
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...