182 matches found
CVE-2026-9400
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
CVE-2026-9400
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
CVE-2026-9400 Edimax BR-6675nD POST Request formUSBStorage command injection
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba This vulnerability was discovered by Atuin – the Automated Vulnerability Discovery Engine. newpba is a value derived from the status packet returned after each write operation. A...
CVE-2026-43488
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhciirq function and causes...
CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member “uzonesize” of the struct alaudainfo structure will remain 0 if alaudainitmedia fails. This could potentially cause division errors in alaudareaddata and...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctlsg01' test from Linux Test Project LTP. The following bytes were mainly observed: 0x53425355. When USB storage devices incorrect...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alaudatransport+0x462/0x57f0...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: A division-by-zero error has been prevented in the isd200atacommand function. The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate the cylinder and head...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011411)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011411 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012979)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012979 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013092)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013092 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about acce...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011268 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1339)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : media: v4l2-mem2mem: add lock to protect parameter numrdyCVE-2023-53519 md: Replace snprintf with scnprintfCVE-2022-50299 mm/vmscan: don't try to...
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1537)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : media: v4l2-mem2mem: add lock to protect parameter numrdyCVE-2023-53519 md: Replace snprintf with scnprintfCVE-2022-50299 mm/vmscan...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3165 (ALAS-2026-3165)
The version of kernel installed on the remote host is prior to 4.14.350-266.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3165 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function...
CVE-2025-15543
CVE-2025-15543 : In TP-Link VX800v v1.0, an improper link resolution in the USB HTTP access path can be triggered by a crafted USB device, exposing the root filesystem contents and allowing a physically present attacker to read system files (read‑only). Connected sources also indicate a recommend...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-116 (ALASKERNEL-5.4-2025-116)
The version of kernel installed on the remote host is prior to 5.4.254-169.358. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-116 advisory. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss ...