
26 matches found

RedhatCVE
added last week, 4 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

7.3 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/05/27 12:00 a.m., 34 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

0.00052 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/27 12:00 a.m., 6 views

CVE-2026-36539

The affected product is Netis AC1200 Router NC21 (firmware version referenced: V4.0.1.4296). The issue is an unauthenticated CGI endpoint at /cgi-bin/skk_get.cgi that returns the entire router configuration as JSON, exposing administrator credentials, Wi‑Fi and PPPoE credentials, DDNS credentials...

7.3 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: devmap: Provide rxq after a redirect. rxq contains a pointer to the device from which the redirect occurred. Currently, the BPF program executed after a redirect via BPF_MAP_TYPE_DEVMAP does not set this pointer. This is...

5.5 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits: 0, References: 2
NVD
added 2026/03/25 11:16 a.m., 2 views

CVE-2026-23359

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is...

7.8 CVSS, 0.00018 EPSS
Exploits: 0, References: 7
Tenable Nessus
added 2026/01/27 12:00 a.m., 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005193 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also...

7.8 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/01/01 12:00 a.m., 2 views

PT-2026-27724

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the bpf subsystem, specifically in the devmap functionality. The get_upper_ifindexes function iterates through upper devices and writes their...

7.8 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 23
NVD
added 2025/12/05 6:15 p.m., 2 views

CVE-2025-34258

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

5.4 CVSS, 0.00024 EPSS
Exploits: 0, References: 3
EUVD
added 2025/12/05 5:16 p.m., 3 views

EUVD-2025-201435

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

5.1 CVSS, 5 AI score, 0.00024 EPSS
Exploits: 0, References: 4
CVE
added 2025/12/05 5:16 p.m., 4 views

CVE-2025-34259

Advantech WISE-DeviceOn Server (pre-5.4) is affected by a stored XSS in the /rmm/v1/devicemap/building endpoint. The issue arises from unfiltered storage of the map entry name, which is later rendered in the map list UI without HTML sanitization, enabling an attacker to inject script that runs in th...

5.4 CVSS, 5.1 AI score, 0.00024 EPSS
Exploits: 0, References: 3, Affected Software: 1
Microsoft CVE
added 2025/03/08 8:00 a.m., 3 views

bpf: fix OOB devmap writes when deleting elements

...

7.8 CVSS, 7.4 AI score, 0.00025 EPSS
Exploits: 0
SUSE CVE
added 2024/11/08 3:48 a.m., 2 views

SUSE CVE-2024-50162

In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPF_MAP_TYPE_DEVMAP does not have it set. This is...

4.4 CVSS, 7.3 AI score, 0.00013 EPSS
Exploits: 0, References: 16
OSV
added 2024/07/29 4:15 p.m., 1 view

UBUNTU-CVE-2024-42063

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in dev_map_lookup_elem kernel/bpf/devmap.c:441 inline BUG:...

5.5 CVSS, 6.6 AI score, 0.00033 EPSS
Exploits: 0, References: 17
Microsoft CVE
added 2024/06/30 2:00 p.m., 2 views

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

...

7.8 CVSS, 7.4 AI score, 0.00014 EPSS
Exploits: 0
OSV
added 2024/04/17 11:15 a.m., 1 view

UBUNTU-CVE-2024-26853

In the Linux kernel, the following vulnerability has been resolved: igc: avoid returning frame twice in XDP_REDIRECT When a frame can not be transmitted in XDP_REDIRECT e.g. due to a full queue, it is necessary to free it by calling xdp_return_frame_rx_napi. However, this is the responsibility of the...

5.5 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits: 0, References: 7
SUSE CVE
added 2023/02/15 4:43 a.m., 2 views

SUSE CVE-2017-10920

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224...

8.1 CVSS, 8.9 AI score, 0.01132 EPSS
Exploits: 0, References: 7
Microsoft CVE
added 2020/08/18 12:00 a.m., 3 views

blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file.

...

5.5 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 0
CNVD
added 2020/05/06 12:00 a.m., 1 view

NetFortris Fonality Trixbox endpoint_devicemap.php Component OS Command Injection Vulnerability

NetFortris Fonality Trixbox is a suite of business telephony software from NetFortris USA. An operating system command injection vulnerability exists in the endpoint_devicemap.php component in NetFortris Fonality Trixbox Community Edition versions 1.2.0 through 2.8.0.4, which can be exploited by a...

9 CVSS, 8 AI score, 0.68858 EPSS
Exploits: 4, References: 1
OSV
added 2017/07/05 1:29 a.m., 2 views

ALPINE-CVE-2017-10921

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2...

10 CVSS, 6.5 AI score, 0.01132 EPSS
Exploits: 0, References: 1
OSV
added 2017/07/05 1:29 a.m., 2 views

DEBIAN-CVE-2017-10921

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2...

10 CVSS, 6.5 AI score, 0.01132 EPSS
Exploits: 0, References: 1