PT-2026-2544

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in iris vb2 stop streaming. If inst-state is already IRIS INST ERROR, we should skip the stream off operation because it would still send packets to the firmware. ...

CVE-2026-22783

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...

CVE-2026-22783 Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...

CVE-2026-22783

CVE-2026-22783 affects the Iris DFIR-IRIS datastore file management system prior to version 2.4.24 . A vulnerability arises from mass assignment of the field file_local_name combined with trusting the path in the delete operation, enabling authenticated users to delete arbitrary filesystem paths....

CVE-2026-22783 Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...

EUVD-2026-2004

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...

PT-2026-2294

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.24 Description Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...

Iris 安全漏洞

Iris is a fast, simple, yet full-featured and very efficient Go networking framework open-sourced by DFIR-IRIS. A security vulnerability exists in Iris versions prior to 2.4.24, which stems from a bulk allocation vulnerability in the datastore file management system and the deletion of...

CVE-2021-0121

Improper access control in the installer for some IntelR IrisR Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access...

CVE-2019-18925

Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication...

CVE-2023-50712

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...

EUVD-2025-203707

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj-resv != &obj-resv. So we should check both this condition in addition to flags for handling the NOSHARE case. Fixes this splat that was reported with IRI...

UBUNTU-CVE-2025-68189

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj-resv != &obj-resv. So we should check both this condition in addition to flags for handling the NOSHARE case. Fixes this splat that was reported with IRI...

PT-2025-51602

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc7 Description The Linux kernel contains a flaw within the drm/msm subsystem related to the handling of imported DMA buffers during object freeing. Specifically, the condition checking for the NO SHARE ca...

module-mobile-js (>=1.3.8 <=1.4.0), react-native-iris-sdk (>=3.3.16 <=3.3.31) potentially affected by unknown CVE via react-native-log-level (=1.2.0)

react-native-log-level NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-log-level and may be impacted: - module-mobile-js =1.3.8, =3.3.16, =3.3.31 Source cves: unknown CVE Source advisory:...

SUSE CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

EUVD-2025-150366

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

Linux Distros Unpatched Vulnerability : CVE-2025-40208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom- iris aa00000.video-codec: Direct firmware load for...

CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

DEBIAN-CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...