12373 matches found
CVE-2026-20141
The advisory for CVE-2026-20141 describes an improper access control in the Splunk Monitoring Console App affecting Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9. A low-privilege user without the admin role could access Monitoring Console endpoints, leading to potential sensit...
CVE-2026-20141
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...
SUSE CVE-2026-23115
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition. Revert commit bfc467db60b7 "serial: remove redundant tty_port_link_device" because the tty_port_link_device is not redundant: the tty-port has to be configured before we call uart_configure_port,...
Splunk Enterprise Information Disclosure Vulnerability
Splunk Enterprise is a data collection and analysis software developed by the American company Splunk. Versions of Splunk Enterprise prior to 10.0.2, 10.0.3, 9.4.8, and 9.3.9 contained an information leakage vulnerability. This vulnerability stemmed from improper access control; low-privilege use...
PT-2026-20471
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...
Splunk Enterprise 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.3 (SVD-2026-0206)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0206 advisory. - In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the admin Splun...
Arbitrary Argument Injection
Overview: weblate is a web-based continuous localization system with tight version control integration. Affected versions of this package are vulnerable to Arbitrary Argument Injection via arguments passed to the add_host_key function. A user with access to the management console can add a malicio...
Weblate has an argument injection in management console
Impact: The SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Patches: https://github.com/WeblateOrg/weblate/pull/17722 Workarounds: Properly limit access to the management console. References: This issue was...
GHSA-33FM-6GP7-4P47 Weblate has an argument injection in management console
Impact: The SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Patches: https://github.com/WeblateOrg/weblate/pull/17722 Workarounds: Properly limit access to the management console. References: This issue was...
Linux Distros Unpatched Vulnerability : CVE-2026-23115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serial: Fix not set tty-port race condition. Revert commit bfc467db60b7 "serial: remove redundant tty_port_link_device" because the tty_port_link_device is not redundant...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release
Red Hat JBoss Web Server 6.2.0 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Linux Enterprise 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...
CVE-2026-23115
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition. Revert commit bfc467db60b7 "serial: remove redundant tty_port_link_device" because the tty_port_link_device is not redundant: the tty-port has to be configured before we call uart_configure_port,...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2025-38685)
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit. This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console to frame buffer and...
UBUNTU-CVE-2026-23115
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition. Revert commit bfc467db60b7 "serial: remove redundant tty_port_link_device" because the tty_port_link_device is not redundant: the tty-port has to be configured before we call uart_configure_port,...
CVE-2026-23115
CVE-2026-23115 concerns the Linux kernel serial subsystem. The issue is a race where tty->port may not be linked before uart_configure_port is invoked, allowing user-space to open a console without a linked TTY and risking a crash. The fix notes that tty_port_link_device() is not redundant and...