31952 matches found
CVE-2026-45702
A flaw was found in OP-TEE OS, a Trusted Execution Environment TEE for Arm Cortex-A cores. A type confusion vulnerability exists when OP-TEE OS processes an FFAMEMSHARE request from the normal world. This flaw can be exploited by a local attacker with high privileges when OP-TEE is configured as ...
CVE-2026-35082
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
CVE-2026-35084 Stack buffer overflow in method dali-devconfig
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...
CVE-2026-35082
The CVE-2026-35082 entry describes a Local File Inclusion in the ugw-logread method, where insufficient validation of user-supplied input lets a remote attacker with user privileges access arbitrary local files. The CERT/VDE metrics indicate HIGH impact (confidentiality, integrity, availability) ...
CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
EUVD-2026-34076
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35079 Arbitrary file delete vulnerability in method ugw-restore
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
EUVD-2026-34075
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35078
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35078 Arbitrary file delete vulnerability in method ugw-logstop
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
EUVD-2026-34073
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35076
CVE-2026-35076 describes an arbitrary local file delete vulnerability in the bac-scanresult method caused by insufficient validation of user-controlled input. The issue allows a remote attacker with user privileges to delete arbitrary local files. The provided metrics indicate a high-severity imp...
PT-2026-45917
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
PT-2026-45921
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
PT-2026-45923
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
USN-8373-1 linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8 vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
CVE-2026-9522
Summary (CVE-2026-9522): Improper access control in the PAM account discovery feature of Devolutions Server 2026.1.19 and earlier enables an authenticated user without administrative privileges to delete network discovery scan configurations. Affected product is Devolutions Server (version line n...
CVE-2026-10622 CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...