40 matches found
EUVD-2026-40437
Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...
CVE-2026-56320
Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...
CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint
Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...
CVE-2026-56320 Capgo - Org/App Scope Mismatch in Device Creation Endpoint
Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...
CVE-2026-56320
Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id without validating it matches the target app’s owner organization. Authenticated attackers can create device records for an application using a foreign organization identifier...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fixed a memory leak that occurred during registration failures in cscfgcreatedevice. deviceregister calls deviceinitialize. According to the documentation for deviceinitialize: “Use putdevice to release the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: drbd: Use of “free” after calling drbdcreatedevice The drbdDestroyConnection function frees the “connection” object. Therefore, it is necessary to use the safe iterator to prevent a use of a freed resource after the initial...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010914)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010914 advisory. In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfgcreatedevice deviceregister calls...
CVE-2026-23029
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmeiointcdestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmeiointcdestroy is not currently doing...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Handle errors from amdgpucgscreatedevice in amdpowerplaycreate. Add error handling to propagate the failures of amdgpucgscreatedevice to the caller. When amdgpucgscreatedevice fails, release hwmgr and return -ENOMEM t...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003863)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003863 advisory. In the Linux kernel before 4.20.8, kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandles reference counting because of a race condition, leading to a use-after-free...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993302 advisory. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the connection so use th...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991173)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991173 advisory. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the connection so use th...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990800)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990800 advisory. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the connection so use th...
Linux Distros Unpatched Vulnerability : CVE-2025-37852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: handle amdgpucgscreatedevice errors in amdpowerplaycreate Add error handling to propagate amdgpucgscreatedevice failures to the caller. When...
drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
...
CVE-2021-39637
In CreateDeviceInfo of trustyremoteprovisioningcontext.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
SUSE CVE-2025-37974
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpcicreatedevice error return The zpcicreatedevice function returns an error pointer that needs to be checked before dereferencing it as a struct zpcidev pointer. Add the missing check in clpadd...
DEBIAN-CVE-2025-37974
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpcicreatedevice error return The zpcicreatedevice function returns an error pointer that needs to be checked before dereferencing it as a struct zpcidev pointer. Add the missing check in clpadd...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked zpcicreatedevice error return that could result in a null pointer dereference...