57 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improved page fault error reporting If the IOMMU domain for the device group is not properly set up, we may encounter an IOMMU page fault. The current page fault handler assumes that the domain is always set up; howeve...
Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver’s default device attribute group The sysfs nodes related to the DisplayPort driver may be available to the user space before typecaltmodesetdrvdata completes in...
EUVD-2026-22237
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P All versions V5.8. User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access t...
PT-2026-32609
Name of the Vulnerable Software and Affected Versions RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P versions prior to 5.8 Description User Administrators are permitted to administer groups to which they belong. This flaw allows an authenticated User Administrator to escalate their...
CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...
CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...
CVE-2026-26991
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...
CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...
LibreNMS 跨站脚本漏洞
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...
GHSA-5PQF-54QP-32WX LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
PT-2026-20788
Name of the Vulnerable Software and Affected Versions LibreNMS versions 26.1.1 and below Description LibreNMS, an auto-discovering PHP/MySQL/SNMP based network monitoring tool, contains a Stored Cross-Site Scripting XSS issue. The device group name is not sanitized, allowing attackers with admin...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-992997)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992997 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992575)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992575 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing ...
CVE-2023-53789 iommu/amd: Improve page fault error reporting
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improve page fault error reporting If IOMMU domain for device group is not setup properly then we may hit IOMMU page fault. Current page fault handler assumes that domain is always setup and it will hit NULL pointer...
EUVD-2025-201437
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...
PT-2025-49282
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...
EUVD-2023-2928
Malicious code in bioql PyPI...
SUSE CVE-2023-53440
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings...
CVE-2023-53440 nilfs2: fix sysfs interface lifetime
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings...
CVE-2025-37748
CVE-2025-37748 : In the Linux kernel, the iommu/mediatek fix prevents a NULL pointer dereference in mtk_iommu_device_group during probe. The issue occurred because iommu_device_register could be called before the driver data’s hw_list was initialized, causing a dereference when list_first_entry i...