Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fixed a possible Use-after-Allocation UAF in snictgtcreate A warning is reported as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warning: &‘tgt-list’ was not removed from the list If the deviceadd function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed a dangling pointer in mgmtaddadvpatternsmonitorcomplete. This fix addresses the issue where, when status != -ECANCELED, mgmtpendingvalid was executed; otherwise, mgmtpendingfreecmd would free the memory, bu...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mmc: omaphsmmc: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...

Astra Linux - уязвимость в aspell

In GNU Aspell 0.60.8, objstack has a heap-based buffer overflow in the acommon::ObjStack::duptop function called from acommon::StringMap::add and acommon::Config::lookuplist...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the Linux kernel. A null pointer dereference in the bondipsecaddsa function may lead to a local denial of service...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fixed the potential use-after-free in slabdebugfsfops. When sysfsslabadd fails, we should not call debugfsslabadd for s, because s will be freed soon. Moreover, slabdebugfsfops will use s later, leading to a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: Do not reallocate the workqueue every time an interface is added. The commit 09ed8bfc5215 “wilc1000: Rename the workqueue from “WILCwq” to “NETDEV-wq” moved the creation of the workqueue in wilcnetdevifcinit, in...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fixed a null-ptr-deref bug for mdevunregisterparent Inject a fault while probing mdpy.ko. If the kstrdup function fails in kobjectaddinternal, which occurs in kobjectinitandadd, mdevtypeadd, parentcreatesysfsfiles, it...

Astra Linux - уязвимость в cups-filters

CUPS versions before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting the addition of a printer. This is a different vulnerability than CVE-2024-47176. The request is intended to test the new printer, but it can also be us...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference leak in nfsd4addrdaccesstowrdeleg. The nfsd4addrdaccesstowrdeleg function overwrites fp-fifdsORDONLY unconditionally with a newly acquired nfsdfile. However, if the client already has a SHAREACCESSREA...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the issue of loading RxGK tokens to check bounds. The rxrpcpreparsexdryfsrxgk function reads the raw key length and ticket length from the XDR token as u32 values. It rounds each value up by 4 before using the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300 – Fixed the return value check in mmcaddhost. If we ignore the return value of mmcaddhost, the memory allocated in mmcallochost may be leaked, leading to a kernel crash due to the removal of devices that were not...

PT-2026-42254

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute...

WordPress plugin YITH WooCommerce Product Add-Ons SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the addnote.php file. It could...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1660)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1660 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

PT-2026-42251

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021524)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021524 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in deviceadd I got the following null-ptr-deref report...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021550)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021550 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd,...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021535 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in deviceadd When calling kobjectadd failed in deviceadd, it will...