Linux Distros Unpatched Vulnerability : CVE-2019-12106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability...

SUSE CVE-2025-38217

In the Linux kernel, the following vulnerability has been resolved: hwmon: ftsteutates Fix TOCTOU race in ftsread In the ftsread function, when handling hwmonpwmautochannelstemp, the code accesses the shared variable data-fansourcechannel twice without holding any locks. It is first checked again...

SquareX Unveils “Browser Syncjacking” Attack Granting Full Browser and Device Control

Palo Alto, USA, 30th January 2025, CyberNewsWire...

1Panel Command Injection Vulnerability

1Panel is an open source Linux server O&M panel for the Chinese 1panel community. A command injection vulnerability exists in 1Panel 1.10.1-lts and earlier versions, which stems from a security issue in the function baseApi.UpdateDeviceSwap in /api/v1/toolbox/device/update/swap, where the use of...

CVE-2023-43202

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...

Command injection

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...

CVE-2023-43202

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...

MiniUPnP MiniSSDPd Resource Management Error Vulnerability

MiniSSDPd is a daemon for managing SSDPs on Posix systems. A resource management error vulnerability exists in the 'updateDevice' function of the minissdpd.c file in MiniUPnP MiniSSDPd versions 1.4 and 1.5. The vulnerability stems from the mismanagement of system resources e.g., memory, disk spac...

CVE-2019-12106

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability...

Android Information Disclosure Vulnerability (CNVD-2018-12805)

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google and the Open Handheld Alliance OHA. An information disclosure vulnerability exists in versions of Android prior to 2018-06-05 on Google Pixel and Nexus...