Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: Replace BUGON with a regular error message. BUGON is unnecessary here, and it also causes confusion in the smatch function. Replacing BUGON with an error message helps resolve this issue. Warning:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Media: Tuner: xc5000: Fixed a use-after-free in xc5000release. The original code used canceldelayedwork in xc5000release, which does not guarantee that the delayed work item, timersleep, has fully completed if it was already...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: dvb-frontends: w7090p: Fixed the nullptrderef issue in w7090ptunerwriteserpar and w7090ptunerreadserpar. In w7090ptunerwriteserpar, msg is controlled by the user. When msg0.buf is null and msg0.len is zero, previous...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013332)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013332 advisory. In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUGON with a regular error BUGON is unnecessary here, and in...

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

Server-side Request Forgery (SSRF)

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /LiveTv/TunerHosts endpoint when the tuner URL is not properly validated. An...

CVE-2026-35032 Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

EUVD-2026-22766

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

CVE-2026-35032 Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

CVE-2026-35032

Jellyfin (pre-10.11.7) has a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts) where tuner URLs aren’t validated, enabling local file reads via non-HTTP paths and SSRF via HTTP URLs. Exploitation is possible by any authenticated user because EnableLiveTvManagement def...

PT-2026-32957

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000544)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000544 advisory. The xc2028setconfig function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003351 advisory. The xc2028setconfig function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002741)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002741 advisory. The xc2028setconfig function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service...

media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar

...

CVE-2025-23761

Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2...

SUSE CVE-2023-54282

In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUGON with a regular error BUGON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350...

Linux Distros Unpatched Vulnerability : CVE-2023-54282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: tuners: qt1010: replace BUGON with a regular error BUGON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return hel...