Lucene search
K

40 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40437

Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-56320

Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1CVSS0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.4 views

CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint

Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1CVSS6AI score0.00222EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.24 views

CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint

Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1CVSS0.00222EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.12 views

CVE-2026-56320

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id without validating it matches the target app’s owner organization. Authenticated attackers can create device records for an application using a foreign organization identifier...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fixed a memory leak that occurred during registration failures in cscfgcreatedevice. deviceregister calls deviceinitialize. According to the documentation for deviceinitialize: “Use putdevice to release the...

5.5CVSS5.9AI score0.00245EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: drbd: Use of “free” after calling drbdcreatedevice The drbdDestroyConnection function frees the “connection” object. Therefore, it is necessary to use the safe iterator to prevent a use of a freed resource after the initial...

7.8CVSS6.2AI score0.00194EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010914)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010914 advisory. In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfgcreatedevice deviceregister calls...

5.5CVSS5.7AI score0.00245EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/31 11:42 a.m.5 views

CVE-2026-23029

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmeiointcdestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmeiointcdestroy is not currently doing...

5.7AI score0.00194EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Handle errors from amdgpucgscreatedevice in amdpowerplaycreate. Add error handling to propagate the failures of amdgpucgscreatedevice to the caller. When amdgpucgscreatedevice fails, release hwmgr and return -ENOMEM t...

5.5CVSS6.3AI score0.0023EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003863)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003863 advisory. In the Linux kernel before 4.20.8, kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandles reference counting because of a race condition, leading to a use-after-free...

8.1CVSS6.5AI score0.16523EPSS
Exploits2References31
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993302 advisory. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the connection so use th...

7.8CVSS6.5AI score0.00194EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991173)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991173 advisory. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the connection so use th...

7.8CVSS6.5AI score0.00194EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990800 advisory. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the connection so use th...

7.8CVSS6.5AI score0.00194EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-37852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: handle amdgpucgscreatedevice errors in amdpowerplaycreate Add error handling to propagate amdgpucgscreatedevice failures to the caller. When...

5.5CVSS6.8AI score0.0023EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/07/11 7:0 a.m.4 views

drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()

...

5.5CVSS7.2AI score0.0023EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 p.m.6 views

CVE-2021-39637

In CreateDeviceInfo of trustyremoteprovisioningcontext.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.4CVSS6.1AI score0.00119EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/05/21 12:46 a.m.4 views

SUSE CVE-2025-37974

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpcicreatedevice error return The zpcicreatedevice function returns an error pointer that needs to be checked before dereferencing it as a struct zpcidev pointer. Add the missing check in clpadd...

5.5CVSS7.6AI score0.00146EPSS
Exploits0References16
OSV
OSV
added 2025/05/20 5:15 p.m.2 views

DEBIAN-CVE-2025-37974

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpcicreatedevice error return The zpcicreatedevice function returns an error pointer that needs to be checked before dereferencing it as a struct zpcidev pointer. Add the missing check in clpadd...

5.5CVSS5.6AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked zpcicreatedevice error return that could result in a null pointer dereference...

5.5CVSS7AI score0.00146EPSS
Exploits0References4
Rows per page
Query Builder