10 matches found
EUVD-2026-41242
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-13131
GeoWebPlayer Websocket Server (GeoVision) has a concrete out-of-bounds read vulnerability in the connectInfo command (index not range-checked), enabling out-of-bounds access to viewer IPCams and potential code execution. Reported for GeoWebPlayer 1.1.1.0; CVSSv3.1 score 8.3 (NETWORK, HIGH impact)...
GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerabilities
Summary Multiple exploitable out-of-bounds read vulnerabilities exist in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to trigger these vulnerabilities...
GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerabilities
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the Websocket Server connectInfo handler functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000862)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000862 advisory. The procconnectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003338)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003338 advisory. The procconnectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002870)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002870 advisory. The procconnectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to...
SUSE CVE-2016-4482
The procconnectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFSCONNECTINFO ioctl call...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)
The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils wa...
PT-2016-5973 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.7 Description: The issue concerns the proc connectinfo function in the Linux kernel, which fails to initialize a certain data structure. This allows local users to obtain sensitive information from kernel stac...