127 matches found
ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...
CVE-2026-43428 USB: core: Limit the length of unkillable synchronous timeouts
In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...
CVE-2026-7415
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...
CVE-2026-7415
The CVE-2026-7415 vulnerability affects the MQTT broker embedded in Yarbo firmware v2.3.9. The broker is configured to allow anonymous connections with no topic-level read/write ACLs, enabling any host on the same network to subscribe to sensitive telemetry topics or publish control messages dire...
CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...
CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...
CVE-2026-7415
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...
Yarbo 访问控制错误漏洞
Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains an access control vulnerability. This vulnerability stems from the MQTT proxy configuration, which allows anonymous connections without topic-level read/write ACLs. ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007578)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007578 advisory. In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usbcontrolmsg routines Automatic kernel fuzzing led to a WARN about invali...
CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
CLSA-2026-1768663754 kernel: Fix of 38 CVEs
ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 CVE-2025-38249 - drm/i915/gt: Fix timeline left held on VMA alloc error CVE-2025-38389 - md/raid1: Fix stack memory use after return in raid1reshape CVE-2025-38445 - atm: clip: Fix infinite recursive call of clippush...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000680)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000680 advisory. Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service...
CVE-2021-28362
An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked with respec...
CVE-2026-22541 DENIAL OF SERVICE VIA ICMP PACKETS
The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...
CVE-1999-0043
Command execution via shell metachars in INN daemon innd 1.5 using "newgroup" and "rmgroup" control messages, and others...
CVE-1999-0100
Remote access in AIX innd 1.5.1, using control messages...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992835)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992835 advisory. In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usbcontrolmsg routines Automatic kernel fuzzing led to a WARN about invali...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992297 advisory. In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usbcontrolmsg routines Automatic kernel fuzzing led to a WARN about invali...
kernel: sunrpc: fix client side handling of tls alerts
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...