2114 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed a preempt count leak in the napi poll tracepoint. Using getcpu in the tracepoint assignment causes an obvious preempt count leak, because nothing invokes putcpu to undo it. softirq: Huh, entered softirq 3 for NETRX...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: afunix: Fixed data races related to sk-skshutdown. KCSAN identified a data race involving sk-skshutdown, where functions like unixreleasesock and unixshutdown update the variable under unixstatelock; additionally, unixpoll and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: lib/groupcpus: Fixed the issue of NULL pointer dereferencing in groupcpusevenly. While testing nullblk with configfs, the command echo 0 pollqueues would trigger the following panic: BUG: NULL pointer dereferencing in the kernel,...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: aio: Fixed a use-after-free issue due to missing POLFREE handling. signalfdpoll and binderpoll are special because they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: eth: sungem: Remove .ndopollcontroller to avoid deadlocks. Erhard reports netpoll warnings from sungem: netpollsendskbondev: eth0 enables interrupts during polling gemstartxmit+0x0/0x398. Warning: CPU: 1, PID: 1; at...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fixed a race condition related to the per-CQ variable napiworkdone. After calling napicompletedone, the NAPIFSTATESCHED bit may be cleared, allowing another CPU to start a napi thread and access the per-CQ variable...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Block layer: The feature of freezing the request queue from within sysfs store callbacks has been removed. Freezing the request queue may cause a deadlock when combined with the dm-multipath driver and the queueifnopath option...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Net: Ethernet: mtk-star-emac: fixed spinlock recursion issues during rx/tx polls. Use spinlockirqsave and spinunlockirqrestore instead of spinlock and spinunlock in the mtk-star-emac driver to avoid spinlock recursion issues...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Added check for filling the poll mod list. In cases where improtocols has a value of 1 and tmprotocols has a value of 0, this combination successfully passes the check. This condition is specified as “!improtocols &&...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Prevents handling of any completions after the destruction of a QP Queue Pair. The hardware may generate completions indicating that the QP has been destroyed. The driver should not schedule any completion handlers f...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the issue with mlx5pollone where the curqp is updated. When curqp is not NULL, in order to avoid fetching the QP from the radix tree again, we check if the next CQE QP is identical to the one we already have...
CVE-2016-20067 WordPress CP Polls 1.0.8 Cross-Site Request Forgery
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...
PT-2026-49205
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...
CVE-2016-20062
The CVE covers a SQL injection in the Simply Poll 1.4.1 WordPress plugin. Attackers can exploit an unauthenticated POST to admin-ajax.php using the spAjaxResults action with crafted pollid values to execute arbitrary SQL and read data from the WordPress database. Affected component: Simply Poll 1...
EUVD-2016-10875
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...
CVE-2016-20062 Simply Poll 1.4.1 Plugin for WordPress SQL Injection
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...
CVE-2016-20062 Simply Poll 1.4.1 Plugin for WordPress SQL Injection
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...
WordPress plugin Simply Poll SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-47762
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...
CVE-2026-45251
A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...