59 matches found
PT-2026-44159
Summary CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint. - The listing flow filters reports based on report-sharing rules - The detail flow only checks generic reports or reports config permissions As a result, a low-privileged...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check the return value after calling platformgetresourcebyname. If platformgetresourcebyname returns NULL, it may lead to a null-ptr-deref issue. Therefore, we need to check the return value. Patch details:...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcomaddsysmonsubdev The kfree function should be called when ofirqgetbyname fails or devmrequestthreadedirq fails in qcomaddsysmonsubdev. Otherwise, a memory leak will occur; therefore, addi...
[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.6.0-4.fc42
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
CVE-2026-43072
A flaw was found in the drm/vc4 component of the Linux kernel. The platformgetirqbyname function, which returns an integer that can indicate an error, was not properly validated before being passed to devmrequestthreadedirq. This oversight in error handling could potentially lead to system...
CVE-2026-43072
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platformgetirqbyname returns an int platformgetirqbyname will return a negative value if an error happens, so it should be checked and not just passed directly into devmrequestthreadedirq hoping all will be ok...
CVE-2026-43072
CVE-2026-43072 affects the Linux kernel drm/vc4 code path: platform_get_irq_byname() may return a negative error value, which was previously passed directly to devm_request_threaded_irq() without proper checking. The issue has been resolved in updated kernel code, and multiple OS-specific advisor...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the platformgetirqbyname function returning an int value. This value is passed directly to the...
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment IDE, Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input...
PT-2026-30040
In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc drm config parse The logicvc drm config parse function calls of get child by name to find the "layers" node but fails to release the reference, leading to a device node...
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.5.2-15.fc43
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-13.fc42
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
CVE-2022-50888 remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...
CVE-2022-50888 remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...
PT-2025-54007
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to null pointer dereferencing within the of unittest find node by name function. Specifically, if kmalloc fails to allocate memory during the...
Exploit for Use of Incorrectly-Resolved Name or Reference in Apache Tomcat
This is a Java class file that appears to be a payload for a malicious attack. The class is named "Foo" and has a single method, "", which is the constructor. The constructor takes no arguments and does not perform any actions. The class also has a "serialVersionUID" field, which is a unique...
EUVD-2022-55455
Malicious code in bioql PyPI...
PT-2025-40117
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc3-00363-g7726d4c3e60b Description The Linux kernel contained a use-after-free flaw within the kernfs subsystem, specifically in the kernfs remove function. This issue stemmed from concurrent calls to kern...
CVE-2022-50357
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: fix some leaks in probe The dwc3getproperties function calls: dwc-usbpsy = powersupplygetbynameusbpsyname; so there is some additional clean up required on these error paths...