Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: added the missing -finimicrocode interface for Sienna Cichlid. This is to avoid any potential memory leaks...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a possible null-pointer dereference due to a data race in sndhdacregmapsync. The variable codec-regmap is often protected by the codec-regmaplock when accessed. However, it is accessed without holding the lock wh...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fixed a memory leak when thresholdcreatebank fails. In mcethresholdcreatedevice, if thresholdcreatebank fails, the previously allocated thresholdbanks array @bp will be leaked, because the call to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fixed a memory leak in amdpmcstbdebugfsopenv2. The function amdpmcstbdebugfsopenv2 may be called when the STB debug mechanism is enabled. When amdpmcsendcmd fails, the ‘buf’ variable needs to be released...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A side-channel vulnerability on some AMD CPUs may allow an attacker to influence the return address prediction. This could result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: ctxfi – Fixed improper handling of the missing SPDIFI1 index in daiodeviceindex. The SPDIF1 DAIO type is not properly handled in daiodeviceindex for hw20k2. This led to a -EINVAL error, which resulted in out-of-bounds...

Astra Linux - уязвимость в faad2

An invalid memory address dereference was discovered in the sbrprocesschannel function of libfaad/sbrdec.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. This vulnerability causes a segmentation fault and an application crash, resulting in a denial of service...

Astra Linux - уязвимость в faad2

A issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. It is a buffer over-read in psmixphase in libfaad/psdec.c...

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVE-2026-7522

The CVE-2026-7522 issue affects the WordPress plugin The Advanced Database Cleaner – Premium, vulnerable in versions up to 4.1.0. The root cause is Local File Inclusion via the template parameter, allowing authenticated users with Subscriber-level access and above to include and execute arbitrary...

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

WordPress plugin Advanced Database Cleaner – Premium 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021531)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021531 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct...

GStreamer: GStreamer: Arbitrary code execution via ASF file processing

A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...

[SECURITY] Fedora 44 Update: rust-sevctl-0.6.2-7.fc44

Administrative utility for AMD SEV...

GHSA-FHVH-VW7H-9XF3 libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

[SECURITY] Fedora 43 Update: rust-sevctl-0.6.2-7.fc43

Administrative utility for AMD SEV...

GStreamer: GStreamer: Arbitrary code execution via ASF file processing

A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...

kernel: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()

A flaw was found in the Linux kernel PCI/AER Advanced Error Reporting subsystem. When platform firmware reports error information via the ACPI APEI GHES mechanism for a device that does not advertise an AER capability, dev-aerinfo remains NULL. The function aerratelimit does not check for this...