35 matches found
CVE-2026-43917
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
PT-2026-44929
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
Linux Distros Unpatched Vulnerability : CVE-2026-45923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking. catc_probe() fills three URBs with hardcoded...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Proper endpoint verification should be enabled. Syzkaller reports [1] a warning regarding an endpoint in use that does not have the expected type. This issue can be fixed by checking the existence of...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML endpoint not verifying the status of external identity providers. This could lead to bypassing security controls and performing unauthorized...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-382934)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-382934 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification. Syzkaller reports [1] hitting a warning about an...
EUVD-2024-32094
Malicious code in bioql PyPI...
SUSE CVE-2022-50297
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present. The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...
UBUNTU-CVE-2022-50297
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present. The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...
CVE-2022-50297
CVE-2022-50297 concerns the Linux kernel driver for ath9k USB wireless devices. The issue arises when a USB device claims to be ATH9K but does not expose the endpoints the driver expects; specifically, an interrupt endpoint is presented where a bulk endpoint is anticipated. This mismatch can caus...
CVE-2025-20317 Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An...
PT-2025-33006 · F5 · F5 Access For Android
Name of the Vulnerable Software and Affected Versions: F5 Access for Android versions prior to 3.1.2. Description: F5 Access for Android, when using HTTPS, does not verify the identity of the remote endpoint. Recommendations: Update to version 3.1.2 or later...
UBUNTU-CVE-2025-21916
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks. Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me 2eabb655a968 "usb: atm: cxacru: fix endpoint...
CVE-2025-21916 usb: atm: cxacru: fix a flaw in existing endpoint checks
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks. Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me 2eabb655a968 "usb: atm: cxacru: fix endpoint...
CVE-2025-21916
CVE-2025-21916 is part of Unity Linux/Fedora kernel advisories describing a fix for a flaw in USB ATM CXACRU endpoint checking. The root cause was insufficient verification of USB endpoint addresses in cxacru_bind(), leading to incorrect URB handling (e.g., bogus urb xfers). The mitigation is to ...
SUSE CVE-2025-21877
In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind(). Syzbot reports [1] a warning in usb_submit_urb() triggered by inconsistencies between expected and actually present endpoints in gl620a driver. Since genelink_bind() does not properly...
AZL-49254 CVE-2024-45011 affecting package kernel for versions less than 6.6.51.1-1
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device. Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN...
SUSE CVE-2024-41097
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind(). Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb submitting...
SUSE CVE-2024-38565
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification. Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...