60 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Soundwire: qcom: fix for storing port configuration beyond the bounds The value of qcomswrmctrl-pconfig is QCOMSDWMAXPORTS 14. However, we index it starting from 1, not 0, to match actual port numbers. This can lead to writing po...
CVE-2025-70237
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr...
CVE-2026-23115
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition Revert commit bfc467db60b7 "serial: remove redundant ttyportlinkdevice" because the ttyportlinkdevice is not redundant: the tty-port has to be confured before we call uartconfigureport,...
CVE-2026-23115
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition Revert commit bfc467db60b7 "serial: remove redundant ttyportlinkdevice" because the ttyportlinkdevice is not redundant: the tty-port has to be confured before we call uartconfigureport,...
CVE-2026-23115 serial: Fix not set tty->port race condition
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition Revert commit bfc467db60b7 "serial: remove redundant ttyportlinkdevice" because the ttyportlinkdevice is not redundant: the tty-port has to be confured before we call uartconfigureport,...
Availability Attacks without an Adversary: Evidence from Enterprise LANs
Denial-of-Service DoS conditions in enterprise networks are commonly attributed to malicious actors. However, availability can also be compromised by benign non-malicious insider behavior. This paper presents an empirical study of a production enterprise LAN that demonstrates how routine docking...
GO-2025-4231 1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality in github.com/1Panel-dev/1Panel
1Panel contains a cross-site request forgery CSRF vulnerability in the web port configuration functionality in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...
EUVD-2025-202723
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...
EUVD-2025-202535
1Panel contains a cross-site request forgery CSRF vulnerability in the web port configuration functionality...
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
GHSA-WRVC-X3WF-J5F5 1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
CVE-2025-34429 1Panel CSRF Web Port Configuration Change
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
1Panel 跨站请求伪造漏洞
1Panel is an open source Linux server operation and management panel from the China 1Panel community. A cross-site request forgery vulnerability exists in 1Panel versions 1.10.33 through 2.0.15. The vulnerability stems from the Web Port Configuration feature that does not implement CSRF protectio...
EUVD-2025-201895
An XSS vulnerability in pxcportCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-leve...
EUVD-2025-201900
An XSS vulnerability in pxcPortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41750
An XSS vulnerability in pxcPortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41751
An XSS vulnerability in pxcportCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...
CVE-2025-41750 Reflected XSS vulnerability in pxc_PortCfg.php
An XSS vulnerability in pxcPortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-level...