Lucene search
K

96 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 1:29 a.m.9 views

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.9 views

SUSE CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.8AI score0.00115EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS0.00115EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

UBUNTU-CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00115EPSS
Exploits0
CVE
CVE
added 2026/06/26 7:41 p.m.15 views

CVE-2026-53324

CVE-2026-53324 is addressed in the Linux kernel’s net: mana path. The fix replaces per-device debugfs directory naming that previously used a hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs with pci_name(pdev), which yields the unique BDF address. This eliminates two issues: (1) po...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52963

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mana network driver regarding the naming of debugfs directories. The driver previously used a hardcoded "0" for Physical Functions PFs and the pci slot name functi...

5.5CVSS6AI score0.00115EPSS
Exploits0References16
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-52952

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARNON in iommugroupsetdomainnofail due to reset In iommugroupsetdomaininternal, concurrent domain attachments are rejected when any device in the group is recovering. This is necessary to fence concurrent attachments ...

8.8CVSS0.00131EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52952

Summary: CVE-2026-52952 affects the Linux kernel IOMMU subsystem. A race occurs during device recovery when multiple memory domains are attached concurrently, which can trigger a Use-After-Free (UAF) due to concurrent domain detachment and re-attachment in a multi-device group sharing the same RI...

8.8CVSS5.7AI score0.00131EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 7:7 p.m.8 views

CVE-2026-48983

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS5.3AI score0.00084EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/18 7:7 p.m.20 views

CVE-2026-48983

CVE-2026-48983 affects pam_usb prior to version 0.9.2, where a TOCTOU race in per-device and per-user pad directory creation can be exploited via a symlink substitution. pam_usb performs a check-then-act using lstat() followed by mkdir(), allowing a local attacker to replace the target path with ...

5.8CVSS5.3AI score0.00084EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50784

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description A symlink race condition exists in the creation of per-device and per-user pad directories. The software employs a check-then-act pattern, where it calls lstat to verify existence and subsequently...

5.8CVSS5.9AI score0.00084EPSS
Exploits0References8
NVD
NVD
added 2026/06/12 7:16 p.m.19 views

CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS0.0033EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:7 p.m.16 views

CVE-2026-50101

CVE-2026-50101 affects Naxclow IoT Platform devices. The issue is a server-side, per-device relay credential that never rotates and is re-issued on every boot. Since the credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, an adversary who gains it can mai...

9.2CVSS5.2AI score0.00281EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:7 p.m.33 views

CVE-2026-50101 Naxclow IoT Platform Not using password aging

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...

9.2CVSS0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:3 p.m.12 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS5.5AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:3 p.m.24 views

CVE-2026-28742

CVE-2026-28742 relates to Naxclow IoT Platform devices using a uniform, hard-coded platform-wide salt for request signing embedded in firmware. The lack of per‑device keys, server-side nonce tracking, or replay protections allows recovered salts to enable valid signatures for arbitrary device or ...

9.8CVSS5.4AI score0.0033EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:3 p.m.12 views

EUVD-2026-36525

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS5.4AI score0.0033EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 3:16 p.m.17 views

CVE-2026-7368

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS0.00259EPSS
Exploits0References2
Rows per page
Query Builder