16 matches found
CVE-2026-44424
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetDevice process. An attacker can access sensitive device metadata belonging to other tenants by providing a valid device UID and authenticating with any user account. Remediatio...
PT-2026-38314
Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/devices/:uid" returns the full device object to any authenticated user without verifying if the device belongs to the caller's namespace tenant. An...
February 13, 2024—KB5034830 (Monthly Rollup)
None None...
February 13, 2024—KB5034766 (OS Build 22000.2777)
None None...
February 13, 2024—KB5034831 (Monthly Rollup)
None None...
February 13, 2024—KB5034774 (OS Build 10240.20469) - EXPIRED
None None...
February 13, 2024—KB5034809 (Security-only update)
None None...
ALPINE-CVE-2020-29480
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...
Google Android Bluetooth elevation of privilege vulnerability (CNVD-2020-60498)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. Kernel is one of the kernel components, Framework is one of the Android framework components, System is one of the system components, VPN is one of the VPN Virtual Private Network...
CVE-2020-0299
In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4345-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondar...
USN-4163-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash. CVE-2016-10906 It was discovered that a race condition existed in the Serial...
Microsoft Device Metadata Authoring Wizard Remote Code Execution
A remote code execution vulnerability exists in Microsoft Device Metadata Authoring Wizard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows 10: Prevent device metadata retrieval from the Internet
This policy setting prevents Windows from retrieving device metadata from the Internet. If enabled, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box. OpenVAS Vulnerability Te...
USN-3619-1: Linux kernel vulnerabilities
Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...