
256 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol. The way that dsa_tree_change_tag_proto works is as follows: When dsa_tree_notify fails, it does not know whether the operation failed midway through a multi-switch tree, or ...

CVSS 5.5, AI score 5.7, EPSS 0.00074
Exploits: 0, References: 2
CNNVD
added 2026/03/16 12:0 a.m., 2 views

Hereta ETH-IMC408M cross-site scripting vulnerability

The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of inputs in the Network Diagnosis ping functio...

CVSS 6.1, AI score 5.6, EPSS 0.00039
Exploits: 0, References: 3
RedhatCVE
added 2026/03/08 1:44 a.m., 2 views

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

CVSS 9.8, AI score 5.8, EPSS 0.00202
Exploits: 0, References: 1
RedhatCVE
added 2026/03/08 1:44 a.m., 3 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVSS 9.8, AI score 6.5, EPSS 0.00293
Exploits: 0, References: 1
OSV
added 2026/03/07 1:15 a.m., 1 views

CVE-2026-25071

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

CVSS 7.5, AI score 5.9
Exploits: 0, References: 2
OSV
added 2026/03/07 1:15 a.m., 0 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVSS 9.8, AI score 6.7
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/07 12:20 a.m., 0 views

CVE-2026-25073

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

CVSS 5.1, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 3
Vulnrichment
added 2026/03/07 12:20 a.m., 0 views

CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVSS 9.3, AI score 6.5, EPSS 0.00293
Exploits: 0, References: 2
OSV
added 2026/02/24 4:24 p.m., 0 views

CVE-2026-23678

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker wi...

CVSS 8.8, AI score 6.1
Exploits: 0, References: 2
Cvelist
added 2026/02/24 3:7 p.m., 14 views

CVE-2026-27520 Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...

CVSS 8.7, EPSS 0.00019
Exploits: 0, References: 2
CVE
added 2026/02/24 3:5 p.m., 7 views

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware versions up to V300SP10260209 expose user passwords in plaintext via the administrative interface and HTTP responses, enabling recovery of valid credentials. Affected component: device firmware with plaintext credential exposure in management paths; ...

CVSS 8.6, AI score 5.3, EPSS 0.00019
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/02/24 12:0 a.m., 4 views

Binardat 10G08-0800GSM security vulnerability

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have security vulnerabilities. These vulnerabilities stem from the exposure of user passwords in plain text during the management...

CVSS 8.6, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2
CNNVD
added 2026/02/24 12:0 a.m., 3 views

Binardat 10G08-0800GSM cross-site request forgery vulnerability

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have a cross-site request forgery vulnerability. This vulnerability stems from the lack of CSRF protection for status change...

CVSS 5.1, AI score 5.8, EPSS 0.0002
Exploits: 0, References: 2
OSV
added 2026/01/23 12:23 p.m., 2 views

OESA-2026-1200 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

CVSS 8.4, AI score 6, EPSS 0.00023
Exploits: 1, References: 3
OSV
added 2025/12/23 1:58 p.m., 1 views

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq. If something goes wrong at setup, ksz_irq_free can be called on uninitialized ksz_irq for example when ksz_ptp_irq_setup fails. It leads to freeing uninitialized IRQ numbers and/or...

AI score 6.4, EPSS 0.00024
Exploits: 0, References: 6
Debian CVE
added 2025/12/09 1:30 a.m., 4 views

CVE-2023-53855

In the Linux kernel, the following vulnerability has been resolved: net: dsa: ocelot: call dsa_tag_8021q_unregister under rtnl_lock on driver remove. When the tagging protocol in current use is "ocelot-8021q" and we unbind the driver, we see this splat: $ echo '0000:00:00.2'...

AI score 5.2, EPSS 0.00024
Exploits: 0
CVE
added 2025/11/18 6:52 p.m., 6 views

CVE-2025-37159

Summary: CVE-2025-37159 affects the web management interface of the AOS-CX OS user authentication service. An authenticated remote attacker could hijack an active user session, potentially maintaining unauthorized access to that session and viewing or modifying sensitive configuration data. What’...

CVSS 7.3, AI score 6.5, EPSS 0.00027
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-1478

Malware in sbrugna...

CVSS 5.8, AI score 7.2, EPSS 0.01214
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-9868

Malware in sbrugna...

CVSS 6.8, AI score 6.3, EPSS 0.00933
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-1480

Malware in sbrugna...

CVSS 8, AI score 8, EPSS 0.00738
Exploits: 0, References: 2