3912 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: The can: usb: f81604 issue requires that the urb data be correctly anchored during the read bulk callback. When submitting an urb, if the anchor pattern is used, it must be anchored before submission. Otherwise, it could be leake...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA splitting of buffer mappings The perfmmap code is careful to map the user page using mmap along with the ringbuffer and the auxiliary buffer, when the event supports this. Once the first mapping is...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Do not use the strip and remove functions when the driver is built-in. Using exit for the remove function causes the remove callback to be discarded when CONFIGMMCDAVINCI=y. When such a device becomes unbound e.g.,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In the can:usb:etases58x module, the task of anchoring the urb data during the read bulk callback has been corrected. When submitting an urb using the anchoring mechanism, it must be anchored before submission. Otherwise, it coul...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: The deadlock caused by SCXKICKWAIT was fixed by deferring the wait until the target CPU’s kickSYNC progresses. The busy-waiting state in kickcpusirqworkfn uses smpCondLoadAcquire until the target CPU’s kickSYNC advances...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a check on the callback function pointer before calling it. In the dpucoreirqcallbackhandler callback function, the pointer pointing to the callback function is checked to be NULL. However, the callback functio...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: acpi: Fixed suspend with Xen PV The commit f1e525009493 "x86/boot: Skipping realmode init code when running as Xen PV guest" missed one code path that accessed the realmodeheader, leading to a NULL dereference during system...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Media: si470x: Fixed a use-after-free in si470xintincallback Syzbot reported a use-after-free in si470xintincallback 1. This indicates that urb-context, which contains a struct si470xdevice object, is freed when si470xintincallba...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure that info-enable callback is always set. The ioctl and sysfs handlers call the -enable callback unconditionally. Not all drivers implement this callback, resulting in NULL dereferencing. Examples of affected drivers:...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fixed an oops during rmmod on single-CPU platforms. During the removal of the idxd driver, a registered offline callback was invoked as part of the cleanup process. However, on systems with only one CPU online, n...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nfc: fixed the potential NULL pointer dereference in nfcgenldumpsesdone. The done netlink callback nfcgenldumpsesdone should check whether the received argument is non-NULL, because its allocation might fail earlier in dumpit...
CVE-2026-6456
The CVE-2026-6456 entry documents a Privilege Escalation in the WordPress Account Switcher plugin up to version 1.0.2. The root cause is the rememberLogin REST API endpoint using a loose comparison (!=) instead of strict (!==) for secret validation at app/RestAPI.php:111, plus validation that the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021632)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021632 advisory. In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using exit for the remove...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021624)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021624 advisory. In the Linux kernel, the following vulnerability has been resolved: net: restrict SOREUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally ...
EUVD-2026-30553
Trubo: Login callback CSRF/session fixation...
NPM: Trubo: Login callback CSRF/session fixation
NPM: Trubo: Login callback CSRF/session fixation vulnerability discovered by ? in WordPress Npm turbo versions = 2.9.13...
GHSA-HCF7-66RW-9F5R Trubo: Login callback CSRF/session fixation
Impact Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...
Trubo: Login callback CSRF/session fixation
Impact Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
CLSA-2026-1779181743 pyOpenSSL: Fix of CVE-2026-27448
CVE-2026-27448: fix fail-open in settlsextservernamecallback when callback raises exception...