291 matches found
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a memory leak in device names within EDAC/versalnet...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: GPU: host1x – Fixed memory leak related to device names The device names allocated by dev_set_name need to be freed before module unloading. However, this cannot be done because the reference count of the kobject, set during...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
CVE-2026-27693
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
CVE-2026-27694
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
CVE-2026-27694 traccar allows stored HTML injection in notification emails
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
CVE-2026-27693
CVE-2026-27693 affects Traccar (org.traccar:traccar) versions 6.11.1–
Traccar cross-site scripting vulnerability
Traccar is a Java-based website monitoring system developed by the American company Traccar. This software supports over 170 GPS protocols and over 1,500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also provides a user-friendly REST API. Version...
Security Bulletin: Werkzeug safe_join function allows path segments with Windows device names containing file extensions or trailing spaces
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc. that are implicitly...
Security Bulletin: Werkzeug Safe Join Function Vulnerability: Path Segments with Windows Device Names Prior to Version 3.1.4
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory...
Security Bulletin: Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6
Summary Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix FFA device names for logical partitions Each physical partition can provide multiple services each with UUID. Each such service can be presented as logical partition with a unique combination of VM ID and...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as...
Security Bulletin: Vulnerability in Werkzeug affects IBM Netezza Appliance
Summary The Werkzeug package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2026-21860 Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join...
Security Bulletin: Vulnerability in Werkzeug affects IBM Netezza Appliance
Summary The Werkzeug package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-66221 Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Name Handling in Werkzeug [CVE-2026-27199]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Name Handling in Werkzeug, due to a safe_join function, that allows Windows device names as filenames if preceded by other path segments, which can cause file reading to hang indefinitely CVE-2026-27199. Werkzeug is used in our...
Security Bulletin: Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199.
Summary Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library...