133 matches found
CVE-2026-50244
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...
CVE-2026-42932
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...
EUVD-2026-36533
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...
CVE-2026-50244 Naxclow IoT Platform Missing Authorization
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...
PT-2026-48959
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605 Out-of-bounds Write in HLOS
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605 Out-of-bounds Write in HLOS
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
Qualcomm Chipsets 缓冲区错误漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. Qualcomm Chipsets have a buffer error vulnerability, which stems from memory corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...
CVE-2026-47273 pam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queries
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb builds XPath expressions from user-supplied identifiers PAM username, service name and device-supplied identifiers USB device serial, model, vendor to query /etc/pamusb.conf. These identifiers...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Input: iforce – invert the valid length check when fetching device IDs. syzbot is reporting an uninitialized value at iforceinitdevice 1. The commit 6ac0aec6b0a6 “Input: iforce – allow callers to supply a data buffer when fetchin...
CVE-2026-35064
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-35064
CVE-2026-35064 concerns SenseLive X3050’s management ecosystem. The vulnerability allows unauthenticated discovery of deployed units via the vendor’s management protocol, enabling an attacker on the same network segment to identify device presence, identifiers, and management interfaces because d...
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
Electron 安全漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security vulnerabilities in versions ...
CVE-2026-32953
Tillitis TKey Client (Go module tkeyclient) versions
Tillitis TKey Client has an Error in Protocol Implementation
Impact Some specific 1 out of 256 User Supplied Secrets USS were not used, making the resulting Compound Device Identifier CDI the same as if no USS was provided. Affected client applications: all client apps using the tkeyclient Go module. Patches Upgrade to v1.3.0. NOTE WELL: For the affected e...