CVE-2019-25747

Network Inventory Advisor 5.0.26.0 is affected by an unquoted binary path in the niaservice service, enabling local privilege escalation. An attacker could place a malicious executable in an intermediate directory and trigger code execution with LocalSystem privileges when the service starts or r...

CVE-2019-25747 Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

EUVD-2019-20183

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

GHSA-C73Q-8XXR-RGQM Tilt: Missing authentication on the network-exposed Tilt HUD server

Summary The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state...

GHSA-6M68-R693-78QX Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream

Summary The Tilt HUD WebSocket /ws/view is gated by a CSRF token, but the token is served by an unauthenticated endpoint and the upgrader accepts any client that omits an Origin header. When the HUD is network-exposed, an attacker can open the HUD stream and read the developer's session state...

CVE-2026-9142 Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-9142

NI grpc-device versions prior to 2.17.0 are affected by an insecure default credentials vulnerability when TLS configuration is absent and the server binds beyond the loopback interface. This could allow an unauthenticated access to the server on the local network. No exploit details or fixes are...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nbd: defer config put in recvwork There is one UAF issue in recvwork when running NBDCLEARSOCK and NBDCMDRECONFIGURE: - nbdgenlconnect // confref=2 connect and recvwork A - nbdopen // confref=3 - recvwork A completed //...

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-083...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In net:tIPC, there is a fix for the refcount warning in tipcaeadencrypt. The syzbot report identified a refcount warning 1 caused by calling getnet on a network namespace that is being destroyed refcount=0. This occurs when a TIP...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: 9p: fixed a refcount leak in error handling of p9readwork. - p9reqput must be called when m-rreq-rc.sdata is NULL to avoid a temporary refcount leak. Dominique: made changes to the commit message, fixed arguments for...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use the correct macoffset to unwind gso skb in nshgsosegment. As shown in the call trace, the skbpanic error occurred due to an incorrect skb-macheader in nshgsoSegment. Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: devlink: fixed the netns refcount leak in devlinknlcmdreload. While preparing my patch series that includes netns refcount tracking, I discovered bugs in devlinknlcmdreload. Some error paths failed to release the refcount...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take the RTNL lock when necessary before calling xdpsetfeatures. The RTNL lock must be held when calling xdpsetfeatures with a registered netdev, as this call triggers the netdev notifiers. This could occur, for exampl...

Astra Linux – Vulnerability in edk2

EDK2’s Network Package is vulnerable to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of availability...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mr: Consolidate the ipmrcanfreetable checks. Guoyu Yin reported a crash in the ipmr netns cleanup path: WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmrfreetable net/ipv4/ipmr.c:440 inline WARNING: CPU: 2 PID: 14564 at...

Astra Linux – Vulnerability in libcommons-net-java

Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: realtek: fixed out-of-bounds access issues The probe function sets priv-chipdata to void priv + sizeofpriv, with the expectation that priv has sufficient trailing space. However, only realtek-smi actually allocated...