4527 matches found
CVE-2026-34912
Affected software: Revive Adserver ≤ 6.0.6. Vulnerability: Missing access control when linking banners or campaigns to a zone via zone-include.php or the API. Impact (as stated): A low-privileged user could link zones to banners/campaigns owned by other managers on the same instance, causing inco...
CVE-2026-34915
CVE-2026-34915 affects Revive Adserver 6.0.6 and earlier due to missing sanitisation in zone-include.php, enabling a low-privileged attacker to exploit the clientid parameter to perform blind SQL injection. The public sources confirm input validation improvements were implemented to ensure all pa...
CVE-2026-34914
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...
CVE-2026-34912
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
PT-2026-51577
Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...
PT-2026-53084
Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...
SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...
GHSA-X84V-G949-293W Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN
Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...
Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN
Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Thermal: The race that occurs during the removal of the thermal zone during resume can be avoided. Since thermalzonepmComplete and thermalzonedeviceresume reinitialize the delayed work of pollqueue for the given thermal zone,...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fixed a crash that occurred when setting the number of CPU cores to an odd number. When the number of CPU cores is adjusted to 7 or other odd numbers, the size of the zones becomes an odd number. The addresses of thes...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm: limiting swapping tables for devices with zone write plugs The dmrevalidatezones function only allows new or previously unzoned devices to call blkrevalidatediskzones. If the device was already zoned, disk-nrzones would alway...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powercap: armscmi: Recursion was removed during the parsing of zones. Powercap zones can be defined as being arranged in a hierarchical tree structure. When registering a zone using powercapregisterzone, the kernel’s powercap...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Added a null pointer check to pszkmsgread. The kasprintf function returns a pointer to dynamically allocated memory, which may be NULL in case of failure. Ensure that the allocation was successful by checking the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fixed the potential NULL pointer dereferencing issue. If sdprobe encounters an error before sdkp-device is initialized, sdzbcreleasedisk is called. This leads to a NULL pointer dereferencing issue when sdiszoned is call...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: Avoid scanning potential huge holes. When using devmrequestfreememregion and devmmemremappages to add ZONEDEVICE memory, if the end PFN of the requested free memory region is huge e.g., 0x400000000, then nodeendpfn...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Zoned – Initialize the device’s zone info for seeding When performing seeding on a zoned filesystem, it is necessary to initialize the btrfszoneddeviceinfo structure of each zoned device. Otherwise, mounting the filesystem...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Thermal: Fix for double-free on unregistration Since commit 3d439b1a2ad3 “thermal/core: Alloc-copy-free the thermal zone parameters structure”, the thermalzonedeviceregister function allocates a copy of the tzp argument and frees...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Free all thermal zone debug memory upon removing a zone Since thermaldebugtzremove does not free all the memory allocated for thermal zone diagnostics, some of that memory becomes unreachable after freeing the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Thermal/debugfs: Fixed two locking issues related to the thermal zone debug. With the current locking mechanism for thermal zones in the debugfs code, user space can open the “mitigations” file for a thermal zone before the...