249 matches found
CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...
CVE-2026-40304
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007325)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007325 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw Tenable has extracted the preceding description block...
GHSA-3JPJ-V3XR-5H6G zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
Summary The unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the condition short-circuits to false and allows the deletion to proceed without any ownership...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006824)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006824 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a...
ROS-20260330-73-0002
A vulnerability in the media/dvb-frontends/dib7000p.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
BuildKit 路径遍历漏洞
BuildKit is a concurrent, cache-efficient build tool package developed by Moby. Versions of BuildKit prior to 0.28.1 contained a path traversal vulnerability. This vulnerability stemmed from the possibility of custom BuildKit frontends constructing API messages, which could lead to file writing...
[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-9.fc43
Command-line frontends for Sequoia...
[SECURITY] Fedora 42 Update: rust-sequoia-sq-1.3.1-9.fc42
Command-line frontends for Sequoia...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27075)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27075 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stac...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56769)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56769 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1071)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : net: drop UFO packets in udprcvsegmentCVE-2025-38622 A transient execution vulnerability in some AMD processors may allow an attacker to infer dat...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1091)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : net: drop UFO packets in udprcvsegmentCVE-2025-38622 A transient execution vulnerability in some AMD processors may allow an attacker to infer dat...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001708)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001708 advisory. Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001713)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001713 advisory. Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001758)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001758 advisory. Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001684)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001684 advisory. Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001681)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001681 advisory. Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...
Siemens SCALANCE, Ruggedcom ROX Race Condition (CVE-2022-23040)
Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
GRR 4.0.0.0
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...