33 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: gpio: aggregator: Protect driver attr handlers against module unload Both newdevicestore and deletedevicestore access module global resources e.g., gpioaggregatorlock. To prevent race conditions during module unloading, a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: serial: max310x: Fixed a NULL pointer dereferencing issue during I2C instantiation. When attempting to instantiate a max14830 device from userspace: echo max14830 0x60 /sys/bus/i2c/devices/i2c-2/newdevice we encounter the followi...
CVE-2025-54404
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...
CVE-2025-54404
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...
CVE-2025-54404
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...
CVE-2025-54404
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...
CVE-2025-54404
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...
EUVD-2025-32860
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...
CVE-2025-54404
Talos reports CVE-2025-54404 affecting Planet WGR-500 v1.3411b190912. The flaw resides in the swctrl service, which over UDP processes a PLANETut message; when the 0x90 (CHANGE_SETTINGS) path is taken, attacker-controlled fields (notably new_device_name) are incorporated into a shell command (fla...
EUVD-2021-26682
Malware in sbrugna...
CVE-2025-38542
In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtrcreate When updating an existing route entry in atrtrcreate, the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix...
kernel security update
5.14.0-570.19.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...
CVE-2021-3351
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...
SUSE CVE-2025-21943
In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both newdevicestore and deletedevicestore touch module global resources e.g. gpioaggregatorlock. To prevent race conditions with module unload, a reference need...
AZL-59748 CVE-2025-21943 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both newdevicestore and deletedevicestore touch module global resources e.g. gpioaggregatorlock. To prevent race conditions with module unload, a reference need...
AZL-59912 CVE-2025-21943 affecting package kernel for versions less than 6.6.85.1-2
In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both newdevicestore and deletedevicestore touch module global resources e.g. gpioaggregatorlock. To prevent race conditions with module unload, a reference need...
CVE-2023-39231
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...
Exploit for Use After Free in Google Android
Bad Spin: Android Binder LPE Author: Moshe Kol Privilege esc...
CVE-2021-3351
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...
CVE-2021-3351
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...