CVE-2026-43217

A flaw was found in the Linux kernel's media: iris: gen2 component. When a session is stopped, a memory deallocation occurs. If a subsequent streaming stop operation is initiated without proper validation, it attempts to access already freed memory. This can be triggered by a local attacker or a...

CVE-2026-43217

In the Linux kernel, the following vulnerability has been resolved: media: iris: gen2: Add sanity check for session stop In iriskillsession, inst-state is set to IRISINSTERROR and sessionclose is executed, which will kfreeinsthfigen2-packet. If stopstreaming is called afterward, it will cause a...

CVE-2026-43217

In the Linux kernel, the following vulnerability has been resolved: media: iris: gen2: Add sanity check for session stop In iriskillsession, inst-state is set to IRISINSTERROR and sessionclose is executed, which will kfreeinsthfigen2-packet. If stopstreaming is called afterward, it will cause a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fbdev: hypervfb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebuffer device. When the kdump kernel runs in such a VM, loading the efifb driver may hang because of...

CVE-2026-0421

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode...

SpaceX Starlink Wi-Fi router 安全漏洞

The SpaceX Starlink Wi-Fi router is a series of routers from SpaceX in the United States. A security vulnerability exists in SpaceX Starlink Wi-Fi router GEN 2 versions prior to 2023.53.0, Starlink Dish versions prior to 07dd2798-ff15-4722-a9ee-de28928aed34. An attacker could exploit this...

PT-2023-28838 · Telstra · Telstra Smart Modem Gen 2

Name of the Vulnerable Software and Affected Versions: Telstra Smart Modem Gen 2 Arcadyan LH1000 versions prior to 0.18.15r Description: The issue allows unauthenticated attackers to upload firmware images and configuration backups, potentially leading to code execution as root. This could enable...

Telstra Smart Modem Command Injection Vulnerability

Telstra Smart Modem is a smart modem from Telstra. A security vulnerability exists in Telstra Smart Modem Gen 2 firmware prior to version 0.18.15r, which originates from a vulnerability that allows an authenticated attacker to achieve command injection as root via the pingfrom parameter...

Telstra Smart Modem Code Issue Vulnerability

Telstra Smart Modem is a smart modem from Telstra. A security vulnerability exists in Telstra Smart Modem Gen 2 firmware prior to version 0.18.15r, which originates from a vulnerability that could allow an authenticated attacker to alter the firmware or configuration on the device and execute cod...

CVE-2023-36623

The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges...

PT-2023-25640 · Loxone · Loxone Miniserver Go Gen.2

Name of the Vulnerable Software and Affected Versions: Loxone Miniserver Go Gen.2 through 14.0.3.28 Description: The issue allows an authenticated operating system user to escalate privileges via the Sudo configuration, enabling the elevated execution of binaries without a password requirement...

Loxone Miniserver 安全漏洞

Loxone Miniserver is a server from Loxone, Inc. that automates equipment in buildings, houses, and homes to provide energy management, monitoring, and other functions. A security vulnerability exists in Loxone Miniserver Go Gen.2 14.0.3.28 and earlier versions, which originates from a vulnerabili...

Ubiquiti UniFi Cloud Key 跨站请求伪造漏洞

Ubiquiti UniFi Cloud Key is a secret key device that supports management of UniFi networks from Ubiquiti, Inc. A security vulnerability exists in the Ubiquiti UniFi Cloud Key UniFi OS 2.5 and prior versions, which originated from a vulnerability that allows malicious actors to access certain...

CVE-2022-45588

All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity XXE type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are no...