CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

OESA-2025-2079 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154ifremove. 1 Remove an IEEE 802.15.4 network interfa...

OESA-2025-2078 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154ifremove. 1 Remove an IEEE 802.15.4 network interfa...

DEBIAN-CVE-2024-57948

In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154ifremove. 1 Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system...

UBUNTU-CVE-2024-57948

In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154ifremove. 1 Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system...

CVE-2024-57948 mac802154: check local interfaces before deleting sdata list

In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154ifremove. 1 Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication due to insufficient validation of the cnf claim in DPoP access tokens. An attacker can use leaked DPoP access tokens at local API endpoints without possessing the private key for signing proof tokens. Note: This ...

Arbitrary remote file read in Wrangler dev server

Impact Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any...

openSUSE 10 Security Update : hplip (hplip-4516)

The deamon 'hpssd' could be exploited by users to execute arbitrary commands as root. hpssd only runs on systems that have HP all-in-one devices configured. In the default configuration the problem is not remotely exploitable as hpssd only listens on local interfaces CVE-2007-5208. %NASLMINLEVEL...