2180 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn’t valid Skip the WRMSR and HLT fastpaths in SVM’s VM-Exit handler if the next RIP isn’t valid, for example, because KVM is running with nrips=false. SVM must decode and...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through UHID, there is a possibility that we do not have output reports, and as a result, reportfield is set to null...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibiting potential out-of-bounds accesses The fbdev test in IGT may write after EOF, leading to out-of-bound accesses for DRM drivers that use fbdev-generic. For example, running the fbdev test on an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fixed a race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ Cut here ------------ listadd double add:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do not recheck L1 intercepts when completing userspace I/O When completing emulation of instructions that generate a userspace exit for I/O, do not recheck L1 intercepts since KVM has already completed that phase of...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits handle insn-n samples. The insnrwemulatebits function is used as a default handler for INSNREAD instructions for sub-devices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...
Astra Linux – Vulnerability in Qemu
An integer underflow issue was discovered in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could exploit this flaw to render QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
Astra Linux – Vulnerability in Qemu
A out-of-bounds read flaw was discovered in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially allowing it to read beyond the bounds of the bar space onto adjacent pages. A malicious...
Siemens RuggedCom Rox Use After Free (CVE-2023-3019)
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. This plugin only works with Tenable.ot. Please visit...
EUVD-2026-35454
Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...
CVE-2026-0419
Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...
CVE-2026-0419 Insufficient input validation vulnerability in NETGEAR JR6150
Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...
CVE-2026-0419
CVE-2026-0419 describes insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router, 802.11ac, dual-band; released 2014) that allows users on the local Wi‑Fi to execute operating system commands. The device is End-of-Support since 2018 with no planned security updates. The advisory notes t...
CVE-2026-0412 Insufficient input validation vulnerability in NETGEAR JR6150 Web UI
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
CVE-2026-0412 Insufficient input validation vulnerability in NETGEAR JR6150 Web UI
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
CVE-2026-0412
CVE-2026-0412 relates to the NETGEAR JR6150 Web UI and is described as an insufficient input validation vulnerability. The affected device is the NETGEAR JR6150 (AC750 WiFi Router, 2014 release) and the description states that administrators connected to the local network can make unauthorized mo...
PT-2026-47823
Name of the Vulnerable Software and Affected Versions NETGEAR JR6150 affected versions not specified Description Insufficient input validation allows users connected to local WiFi networks to execute operating system commands. This issue was identified through firmware emulation in a controlled...
PT-2026-47817
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
AutoSUT: The Environment Semantics Gap in Structured CTI for Adversary Emulation
Structured Cyber Threat Intelligence CTI is increasingly used for adversary emulation, detection evaluation, and cyber range design. However, these workflows still require a target System Under Test SUT whose environment is not fully described by public CTI. We measure how much of that environmen...