IBM Aspera Console Denial of Service Vulnerability

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...

IBM Aspera Console Information Disclosure Vulnerability (CNVD-2026-17491)

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. An information disclosure vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to enumera...

IBM Aspera Console Denial of Service Vulnerability (CNVD-2026-19449)

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...

PT-2026-26481

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2022-11-08T05-27-07Z through RELEASE.2026-03-17T21-25-16Z Description MinIO has a JWT algorithm confusion issue in its OpenID Connect authentication. An attacker who knows the OIDC ClientSecret can forge identity tokens...

CLSA-2026-1773832495 Fix of 114 CVEs

CVE-2023-53515 - virtio-mmio: don't break lifecycle of vmdev CVE-2023-53515 CVE-2025-39967 - fbcon: fix integer overflow in fbcondosetfont CVE-2025-39967 - fbcon: Fix OOB access in font allocation CVE-2025-39967 CVE-2025-38702 - fbdev: fix potential buffer overflow in doregisterframebuffer...

CVE-2026-22321

CVE-2026-22321 describes a stack-based buffer overflow in the device’s Telnet/SSH CLI login routine triggered by oversized/unexpected username input from an unauthenticated attacker. This crashes only the thread handling the login attempt while other CLI sessions remain unaffected, resulting in a...

ruby4.0-rubygem-web-console-4.2.1-1.9 on GA media (moderate)

ruby4.0-rubygem-web-console-4.2.1-1.9 on GA media Announcement ID: openSUSE-SU-2026:10367-1 Rating: moderate Cross-References: CVE-2015-3224 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

EUVD-2026-12600

The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

CVE-2026-32291 GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

CVE-2026-32291

The CVE-2026-32291 issue affects GL-iNet Comet KVM (GL-RM1) prior to firmware 1.8.2, where the UART serial console does not require authentication. An attacker with physical access can connect to UART pins to gain root-level access. The Red Hat and ENISA entries corroborate this UART-authenticati...

CVE-2026-32291 GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

CVE-2026-32291

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

GL-iNet Comet 安全漏洞

GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability present in GL-iNet Comet, which stems from the UART serial console lacking authentication. This allows attackers with physical access to the device to connect ...

PT-2026-25913

CVE-2026-32291 The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UA… https://t.co/3nIVbSAO2u...

Important: Red Hat Security Advisory: Red Hat Data Grid 8.6.0 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

EUVD-2025-208658

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow...

EUVD-2025-208657

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...

EUVD-2025-208660

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy...

CVE-2025-13459

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow...