96 matches found
CVE-2026-2336 Weak webstax_auth Cookie Authentication Allows Privilege Escalation
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstaxauth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...
CVE-2026-2336
CVE-2026-2336 describes a privilege escalation in Microchip IStaX where an authenticated low-privilege user can extract the shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. Affected product: IStaX (before 2026.03). T...
PT-2026-33346
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...
Malicious code in xpack-per-device (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f3e144fc188f6f28820784883e158f5841d1276a3eb100db4c469e45439f415 The package xpack-per-device was found to contain malicious code. Source: ghsa-malware 40c08125e60c3d43432e40679e35d49bb3fc0b9d4a3df799c45b80999f1753...
MAL-2026-1159 Malicious code in xpack-per-device (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f3e144fc188f6f28820784883e158f5841d1276a3eb100db4c469e45439f415 The package xpack-per-device was found to contain malicious code. Source: ghsa-malware 40c08125e60c3d43432e40679e35d49bb3fc0b9d4a3df799c45b80999f1753...
Malicious Package
Overview xpack-per-device is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-23129
In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations Modify the internal registration helpers dpllxarefdpll,pinadd to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times with the sam...
EUVD-2026-3306
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component...
CVE-2026-23833
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
CVE-2026-23833
Summary: CVE-2026-23833 affects ESPHome 2025.9.0–2025.12.6. A flaw in the API component’s protobuf decoder lets an attacker perform a denial-of-service by sending a large field_length, causing an overflow of the bounds check in components/api/proto.cpp (ptr + field_length > end). This can cras...
PT-2026-3475
Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.9.0 through 2025.12.6 Description ESPHome is a system for remote microcontroller control via Home Automation systems. An integer overflow in the API component’s protobuf decoder can lead to denial-of-service attacks when...
MiracleLinux 7 : kernel-3.10.0-327.10.1.el7 (AXSA:2016-136:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-136:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
CVE-2022-50818 scsi: pm8001: Fix running_req for internal abort commands
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix runningreq for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@none$ more /sys/class/sasphy/phy-0:0:8/targetportprotocols sata root@none$ echo 0...
PT-2025-53936
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc1-205202-gf26f8f761e83 218 Description A flaw exists in the SCSI subsystem of the Linux kernel, specifically within the pm8001 driver. The issue involves incorrect handling of the running req counter when...
SUSE CVE-2025-68174
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...
EUVD-2025-203722
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...
UBUNTU-CVE-2025-68174
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...
CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...
CVE-2025-68174
Concrete details confirm CVE-2025-68174 affects the Linux kernel component amd/amdkfd (KFD) with a race between kfd_process_wq_release and device teardown during partition switching. The fix introduces an atomic kfd_processes_count to track active KFD processes, incremented on creation and decrem...
CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...