Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021562)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021562 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a...

PT-2026-28380

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.query synced folder action in...

CVE-2025-59783

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

CVE-2025-68621

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

EUVD-2022-55670

In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new numconfigregs property in regmapaddirqchipfwnode Commit faa87ce9196d "regmap-irq: Introduce config registers for irq types" added the numconfigregs, then commit 9edd4f5aee84 "regmap-irq: Deprecate type...

Linux Distros Unpatched Vulnerability : CVE-2020-10185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside...

kernel: ALSA: usb-audio: Fix potential memory leaks

A memory leak was found in the Linux kernel's USB audio driver in the synchronization endpoint URB allocation path. When memory allocation fails partway through allocating URBs for a sync endpoint, the error handling code fails to release the partially allocated URBs because the endpoint's URB...

Microsoft Azure Defender for IoT sync Endpoint SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sync endpoint. The issue results from the lack of proper validation ...

[SECURITY] [DLA 2141-1] yubikey-val security update

Package : yubikey-val Version : 2.27-1+deb8u1 CVE ID : CVE-2020-10184 CVE-2020-10185 The following CVEs were reported against yubikey-val. CVE-2020-10184 The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a...

Unspecified Vulnerability in Yubico YubiKey Validation Server

Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A security vulnerability exists in the sync endpoint in YubiKey Validation Server versions prior to 2.40. A remote attacker could exploit the vulnerability to conduct replay attacks using previously used...

CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

Default configuration

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

UBUNTU-CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

CVE-2020-10185

CVE-2020-10185 affects the YubiKey Validation Server (YubiVal) prior to version 2.40. The vulnerability resides in the sync endpoint, which can be abused by remote attackers to replay previously used one-time passwords. This issue does not affect YubiCloud. The Debian/OSS advisories note fixes im...

CVE-2020-10185

Removed by vendor...