29 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed operation could lead to a NULL pointer dereference when the driver directory is removed before the operation completes...
MAL-2026-4568 Malicious code in fulcrum-sessions (npm)
Source: amazon-inspector f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e src/config.js hardcodes a live Telegram bot token bot id 8656735452 and a default groupId -1003974755050 pointing at a chat owned by the package...
Malicious code in fulcrum-sessions (npm)
Source: amazon-inspector f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e src/config.js hardcodes a live Telegram bot token bot id 8656735452 and a default groupId -1003974755050 pointing at a chat owned by the package...
Incorrect Ownership Assignment
Overview Affected versions of this package are vulnerable to Incorrect Ownership Assignment through improper validation of the defaultGroup ID after group access revocation. An attacker can gain unauthorized access to group collections and perform full CRUD operations by omitting the X-Tenant...
CVE-2026-40196 HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
CVE-2026-40196
HomeBox (home inventory system) versions prior to 0.25.0 are affected by an access control flaw where a user’s defaultGroup ID remains assigned after being invited to a group, and revocation via the web interface does not apply to the API. The root cause is that the original group ID persists as ...
CVE-2026-40196
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
HomeBox security vulnerability
HomeBox is an open-source system developed by SysAdmins Media for home users. Versions of HomeBox prior to 0.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the defaultGroup ID being assigned permanently after a user is invited to a group. Even if the user’s access...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006828)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006828 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group T...
OpenSSL 3.6.0 < 3.6.2 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.6.2 advisory. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group...
UBUNTU-CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
SUSE CVE-2025-71233
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...
CVE-2025-71233
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...
UBUNTU-CVE-2025-71233
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...
CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...
CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...
CVE-2025-71233
CVE-2025-71233 affects the Linux kernel PCI endpoint implementation. The issue arises from asynchronous sub-group creation via delayed work, which could NULL-dereference when the driver directory is removed before the work completes. The documented fix is to replace configfs_register_group() with...
Linux Distros Unpatched Vulnerability : CVE-2025-71233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when...
PT-2026-20442
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel related to PCI endpoint sub-group creation. Asynchronous creation of sub-groups via delayed work could result in a NULL pointer dereference if the...
usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
...