2799 matches found
PUB-A-438759342
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20834-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20834-1 advisory. Changes in apptainer: - Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833,...
OSV-2026-828 Use-of-uninitialized-value in ReadContainer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517870853 Crash type: Use-of-uninitialized-value Crash state: ReadContainer PKImageDecodeInitializeWMP PKCodecFactoryCreateDecoderFromFile...
OPENSUSE-SU-2026:20834-1 Security update for apptainer
This update for apptainer fixes the following issues: Changes in apptainer: - Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830, CVE-2026-39832, CVE-2026-46597, CVE-2026-46598, CVE-2026-46595, CVE-2026-39835 bsc12662...
PT-2026-43283
Name of the Vulnerable Software and Affected Versions IBM Cloud Pak for Data System - Cyclops versions 11.3.0.2 through Interim Fix 002 Description IBM Cloud Pak for Data System uses default passwords from the manufacturing process during the installation process, which could allow an attacker to...
CVE-2026-24218
CVE-2026-24218 affects NVIDIA DGX OS. The vulnerability arises during factory provisioning: cloning a base image deploys identical SSH host keys across multiple systems, enabling host impersonation or attacker-in-the-middle attacks. Consequences listed include potential code execution, data tampe...
CVE-2026-24218
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...
CVE-2026-24218
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...
Astra Linux - уязвимость в axis
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it might not have been obvious that using “ServiceFactory.getService” could allow for the use of potentially dangerous lookup mechanisms, such as LDAP. Passing untrusted input to this API method could expose the...
NVIDIA DGX OS 安全漏洞
NVIDIA DGX OS is a Linux operating system and cluster management environment for the DGX AI server platform developed by NVIDIA Corporation in the United States. NVIDIA DGX OS contains security vulnerabilities. These vulnerabilities arise from cloning base images during factory configuration...
CVE-2026-5804
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
CVE-2026-5804
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
CVE-2026-5804
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-5804
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
CVE-2026-5804
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
EUVD-2026-30942
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
CVE-2026-31910
CVE-2026-31910 (Apache OFBiz) is an SSRF vulnerability tied to improper input validation in UI Factory Classes. Affected software is Apache OFBiz prior to 24.09.06. The issue enables Server-Side Request Forgery and is addressed by upgrading to version 24.09.06, which contains the fix. No exploita...
CVE-2026-31910 Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access
Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
Motorola Factory Test 安全漏洞
Motorola Factory Test is a mobile device hardware testing and production testing tool developed by the American company Motorola. Motorola Factory Test contains a security vulnerability. This vulnerability stems from the use of references to writable file descriptors in applications, which may...
PT-2026-41947
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...