Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context. The OP-TEE driver registers the function notif_callback for FF-A notifications. However, this function is called in an atomic context, leading to errors when processing asynchronous...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: net_sched: sch_sfq: fixed a potential crash when handling gso_skb. SFQ assumes that at least one packet can always be queued. However, after the problematic commit, sch->q.qlen can be inflated by packets in sch->gso_skb. An enqueue...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash. Commit 38a6f0865796 “net: sched: support hash selecting tx queue” added support for SKBEDIT_F_TXQ_SKBHASH. The inclusive range size is computed as follows: mapping_mod =...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync before freeing the timer. While reviewing a crash report regarding a corrupted timer list, which typically occurs when a timer is freed while still active, this issue is commonly triggered by...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: cpumap: The xdp_rxq_info structure must be initialized to zero before running the XDP program. When running an XDP program that is associated with a cpumap entry, we do not initialize the xdp_rxq_info data structure, which is used in...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: fixed the lifetime of the admin request_queue. Namespaces can access the controller’s admin request_queue, and stale references on the namespaces may exist after tearing down the controller. Ensure that the admin request_queue ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fix for dma-fence safe access rules. Commit 506aa8b02a8d6 “dma-fence: Add safe access helpers and document the rules” details the dma-fence safe access rules. The most common issue is that...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: refscale: Uninitialized use of wait_queue_head_t was fixed. Running the refscale test occasionally causes the kernel to crash with the following error: 8569.952896 BUG: Unable to handle a page fault for address: ffffffffffffffe8...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: - block: Fixed a possible memory leak for rq_wb when device_add_disk fails. - kmemleak reported memory leaks in device_add_disk: 3 new suspected memory leaks. - An unreferenced object 0xffff88800f420800 size 512: - Command “modprobe...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: The IO_WQ_BIT_EXIT check is performed within the work run loop. Currently, this check is performed before executing the pending tasks. Normally, this works fine, as the tasks either block temporarily and then a new...
CVE-2026-7460
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML...
JLSEC-2026-513
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...
CVE-2026-7460
CVE-2026-7460 affects mailcow-dockerized (2026-03b) and describes a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and render...
CVE-2026-7460 mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML...
EUVD-2026-31048
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021572)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021572 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq because of early timeout. David Jeffery found one double ->queue_rq...
mailcow dockerized cross-site scripting vulnerability
Mailcow Dockerized is an open-source application developed by Mailcow. Version 2026-03b of Mailcow Dockerized contains a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting flaw in the administrator’s Queue Manager, which may cause t...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021568)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021568 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues. The hctx's run_work may be racing...