16221 matches found
CVE-2026-13583
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The...
CVE-2026-13583
Edimax EW-7478APC (firmware 1.04) contains a buffer overflow in the POST handler: formUSBFolder (/goform/formUSBFolder) via manipulation of ShareName/SelectName. The issue is exploitable remotely, with exploit disclosed publicly; no remediation details are provided in the supplied documents.
EUVD-2026-40131
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The...
EUVD-2026-40128
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely...
CVE-2026-13582
The CVE concerns the Edimax EW-7478APC (firmware 1.04) where the POST request handler’s /goform/formUSBAccount function manipulates the UserName/Password arguments, causing a buffer overflow. This vulnerability enables remote execution with network access and was reported as exploitable in the wi...
CVE-2026-13582 Edimax EW-7478APC POST Request formUSBAccount buffer overflow
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely...
CVE-2026-53305
The CVE-2026-53305 issue is in the Linux kernel driver for ps883x USB Type-C retimers. When unbinding a device to bind to vfio-platform (for example via the platform driver unbind path), an Oops occurs due to a NULL pointer dereference. The root cause is that the driver retrieves its per-client d...
ZoneMinder Snapshots - Command Injection
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...
CVE-2026-53028
A flaw was found in the Linux kernel's USB Type-C subsystem. This vulnerability occurs when an error pointer for tps-partner is checked but not handled, leading to its subsequent dereference. This unhandled error can cause a system crash, resulting in a Denial of Service DoS for the affected syst...
Oracle Linux 9 : kernel (ELSA-2026-27789)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...
UBUNTU-CVE-2026-53194
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...
UBUNTU-CVE-2026-53195
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...
CVE-2026-52982
A flaw was found in the Linux kernel's USB network driver for Realtek RTL8150 devices. A race condition exists in the rtl8150startxmit function, where a network packet's data buffer can be released prematurely. This can lead to a 'use-after-free' vulnerability, allowing the system to attempt to...
K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304
Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...
CVE-2026-53194
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...
CVE-2026-53196
CVE-2026-53196 : In the Linux kernel USB serial driver for TI devices (io_ti), a heap overflow can occur in get_manuf_info() when reading descriptor data from the device I2C EEPROM. The descriptor size (rom_desc->Size) is read and copied into a buffer allocated as 10 bytes (struct edge_ti_manu...
EUVD-2026-39287
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
CVE-2026-53196
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
CVE-2026-53194
The CVE-2026-53194 entry covers a defect in the Linux kernel USB serial driver kl5kusb105 (klsi_105_prepare_write_buffer). The bug occurs when the generic write path uses the bulk-out buffer (size 64) and copies the payload from the write_fifo without reserving space for the 2-byte header, result...
CVE-2026-53194 USB: serial: kl5kusb105: fix bulk-out buffer overflow
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...