71 matches found
CVE-2026-33356
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-46036 vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex
In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...
CVE-2026-46036
The CVE covers a race in the Linux kernel vfio/cdx driver where concurrent VFIO_DEVICE_SET_IRQS ioctls can observe inconsistent state of config_msi and cdx_irqs, leading to use-after-free of the cdx_irqs array. A per-device mutex (cdx_irqs_lock) is added to struct vfio_cdx_device and is acquired ...
EUVD-2026-32417
In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...
CVE-2026-46036
In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...
CVE-2026-46036
vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: amd/amdkfd: enhanced checking of kfd processes during switch partitions. Currently, the switch partition only checks whether kfdprocessestable is empty. The entry in kfdprocessestable is deleted in kfdprocessnotifierrelease, b...
EUVD-2026-29102
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356
CVE-2026-33356 affects Meari IoT Cloud MQTT Broker deployments using EMQX 4.x. The issue is that authenticated low-privilege users can subscribe to global wildcard topics and access telemetry from devices they don’t own, because subscribe authorization is not enforced at per-device scope, while p...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...
EUVD-2026-23272
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstaxauth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...
CVE-2026-2336
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstaxauth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...
CVE-2026-2336 Weak webstax_auth Cookie Authentication Allows Privilege Escalation
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstaxauth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...
CVE-2026-2336
CVE-2026-2336 describes a privilege escalation in Microchip IStaX where an authenticated low-privilege user can extract the shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. Affected product: IStaX (before 2026.03). T...
PT-2026-33346
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...
Malicious Package
Overview xpack-per-device is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in xpack-per-device (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f3e144fc188f6f28820784883e158f5841d1276a3eb100db4c469e45439f415 The package xpack-per-device was found to contain malicious code. Source: ghsa-malware 40c08125e60c3d43432e40679e35d49bb3fc0b9d4a3df799c45b80999f1753...