82 matches found
CVE-2026-48544
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
CVE-2026-48544 Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
CVE-2026-48544
Taipy 4.1.1 contains a path traversal vulnerability in ElementLibrary.get_resource() within taipy/gui/extension/library.py. The issue arises from an incomplete directory containment check using str.startswith() without a trailing path separator, allowing crafted GET requests with path traversal s...
Taipy Path Traversal Vulnerability
Taipy is an open-source application developed by Avaiga. It was designed specifically for data scientists and machine learning engineers to build data and artificial intelligence network applications. Version 4.1.1 of Taipy contains a path traversal vulnerability. This vulnerability stems from th...
PT-2026-44007
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Check the return value after calling platform_get_resource() platform_get_resource() may return a NULL pointer. We need to check its return value to avoid a null-ptr-deref in resource_size...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(res) invoked, if platform_get_resource() returns NULL...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014357)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014357 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platform_get_resource() It will cause...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013753)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013753 advisory. In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platform_get_resource() platform_get_resource() returns NULL in case o...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011327)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011327 advisory. In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platform_get_resource() platform_get_resource() returns NULL in case o...
GHSA-48CH-P4GQ-X46X Vikunja Missing Authorization on CalDAV Task Read
Summary The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the GetResource and GetResourcesByList processes. An attacker can access sensitive task data from projects they do not have permission to view by making authenticated CalDAV requests with a known or guessed task...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005718)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005718 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrang...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005786)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005786 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrang...
CVE-2022-50888 remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() q6v5_wcss_init_mmio() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use res->start as input, which may cause null-ptr-deref...
CVE-2022-50872
CVE-2022-50872 Patched in the Linux kernel for ARM OMAP2+ in realtime_counter_init: the issue was a memory leak where the sys_clk resource allocated by clk_get() was not released on return. The description explicitly states this fix; no vendor/product version details are provided beyond this. The...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked platform_get_resource_byname() return value, which could result in a null pointer dereference...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990493 advisory. In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platform_get_resource() It will cause...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989376)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989376 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause...