11658 matches found
Powertek Firmware <3.30.30 - Authorization Bypass
Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...
Eaton Intelligent Power Manager 1.6 - Directory Traversal
Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...
Altenergy Power Control Software C1.2.5 - Remote Command Injection
Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/settimezone parameter, because of settimezone in models/managementmodel.php. An attacker can potentially obtain sensitive information, modify data, and/or execut...
CVE-2026-10664
The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...
CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)
The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...
CVE-2026-10664
CVE-2026-10664 reports an out-of-bounds write in the nRF70 Wi‑Fi driver power-save event handler (nrf_wifi_event_proc_get_power_save_info). The handler copies TWT entries from a power-save info event into a fixed-size twt_flows[8], iterating up to num_twt_flows without validating against WIFI_MAX...
CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)
The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...
CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)
The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...
[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43
UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...
[SECURITY] Fedora 44 Update: upower-1.91.3-1.fc44
UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...
Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System
Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...
CVE-2026-44918
A flaw was found in OpenStack Ironic. An authenticated project manager can change the node associated with Volume Connectors or Volume Target objects, potentially changing the project permitted to access the object. Volume Connectors contain secrets in environments configuring boot from volume wi...
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...
USN-8498-1 linux-nvidia-tegra vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...
USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...
Linux Distros Unpatched Vulnerability : CVE-2026-53340
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: imx: fix clock and pinctrl state inconsistency in runtime PM In i2cimxruntimesuspend, the clock is disabled before switching the pinctrl state to sleep. If...
CVE-2026-53340
A flaw was found in the Linux kernel's i2c: imx driver. During runtime power management, an inconsistency between the clock and pinctrl states can occur. If the pinctrl state fails to switch to sleep mode after the clock is disabled, the clock remains off. This can lead to a system crash when the...
UBUNTU-CVE-2026-53340
In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM In i2cimxruntimesuspend, the clock is disabled before switching the pinctrl state to sleep. If pinctrlpmselectsleepstate fails, the runtime suspend is aborted but...
Security Bulletin: Vulnerability in nghttp2 library (CVE-2026-27135) affects Power HMC.
Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-27135 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library...
Security Bulletin: Vulnerabilities in kernel library (CVE-2025-68724, CVE-2026-31431) affect Power HMC.
Summary The kernel library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-68724 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in...