65 matches found
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fixed the issue to cover normal cluster writes using cprwsem. When we overwrite a compressed cluster with a normal cluster, we should not unlock cprwsem during f2fswriterawpages. Otherwise, data will be corrupted ...
CVE-2026-4301
The CVE-2026-4301 entry documents a vulnerability in the WordPress plugin Rate Star Review Vote (versions up to 1.6.4). The vwrsr_review() AJAX handler lacks proper capability checks and nonce verification, relying only on is_user_logged_in(). When form is set to 'update', an attacker-supplied ra...
PT-2026-39948
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is user logged in...
SUSE CVE-2026-43271
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...
EUVD-2026-27666
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...
CVE-2026-43271
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...
CVE-2026-43271
CVE-2026-43271 involves the Linux kernel md-cluster module where a race during MD array startup can cause a NULL pointer dereference in process_metadata_update when a METADATA_UPDATED message arrives before mddev->thread is initialized. The root cause is the code path that dereferences the thr...
CVE-2026-43271
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...
CVE-2026-43271 md-cluster: fix NULL pointer dereference in process_metadata_update
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...
CVE-2026-43271
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the processmetadataupdate function in the md-cluster module. This function derefreshes a null...
PT-2026-37611
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in process metadata update The function process metadata update blindly dereferences the 'thread' pointer acquired via rcu dereference protected within the wait event macro. While the code...
Linux Distros Unpatched Vulnerability : CVE-2026-43271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via...
Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights
Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...
EUVD-2026-17957
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...
CVE-2026-20174
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...
CVE-2026-20174 Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...
CVE-2026-20174
Cisco Nexus Dashboard Insights metadata update feature is vulnerable to arbitrary file write. The issue arises from insufficient validation of the metadata update file, allowing an authenticated attacker with admin credentials to craft a metadata update file and upload it to an affected device, p...
CVE-2026-20174 Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...