Lucene search

11 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - vulnerability in linux-5.10, linux

Dm-verity is used to extend the root-of-trust to root file systems. LoadPin builds upon this feature to restrict module/firmware loads to only the trusted root file system. Currently, device-mapper table reloads allow users with root privileges to replace the target with an equivalent dm-linear...

CVSS 6.9 · AI score 6.9 · EPSS 0.0035
Exploits 1 · References 2
Cvelist
added 2026/04/21 10:43 p.m. · 30 views

CVE-2026-41058 AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...

CVSS 8.1 · EPSS 0.00469
Exploits 1 · References 4
Vulnrichment
added 2026/04/21 10:43 p.m. · 3 views

CVE-2026-41058 AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...

CVSS 8.1 · AI score 5.8 · EPSS 0.00469
Exploits 1 · References 4
Positive Technologies
added 2026/04/13 12:0 a.m. · 3 views

PT-2026-32196

Name of the Vulnerable Software and Affected Versions: Escargot versions prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335 Description: A deserialization issue exists in Escargot JavaScript that can lead to a denial of service through process termination when handling untrusted data...

CVSS 6.2 · AI score 5.8 · EPSS 0.00302
Exploits 0 · References 2
RedhatCVE
added 2026/01/09 8:58 a.m. · 5 views

CVE-2023-31123

effectindex/tripreporter is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of effectindex/tripreporter, e.g. subjective.report, may be affected by an improper...

CVSS 9.1 · AI score 6.9 · EPSS 0.00649
Exploits 0 · References 1
Positive Technologies
added 2025/09/18 12:0 a.m. · 3 views

PT-2025-38410

Name of the Vulnerable Software and Affected Versions: Press versions prior to commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615 Description: Press, a Frappe custom app used for managing infrastructure, subscriptions, marketplace operations, and software-as-a-service (SaaS), is susceptible to a flaw th...

CVSS 6.9 · AI score 6.5 · EPSS 0.0041
Exploits 0 · References 5
OSV
added 2025/02/27 8:16 p.m. · 2 views

DEBIAN-CVE-2025-21807

In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...

CVSS 5.5 · AI score 5.4 · EPSS 0.00116
Exploits 0 · References 1
OSV
added 2024/11/25 2:15 p.m. · 4 views

UBUNTU-CVE-2024-11498

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...

CVSS 7.5 · AI score 6 · EPSS 0.00607
Exploits 0 · References 3
UbuntuCve
added 2024/09/20 6:15 p.m. · 16 views

CVE-2024-8612

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virtio_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push finally...

CVSS 3.8 · AI score 6.5 · EPSS 0.00204
Exploits 0 · References 2
Positive Technologies
added 2022/04/29 12:0 a.m. · 7 views

PT-2022-19903 · Mediawiki +1 · Mediawiki Semanticdrilldown Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki SemanticDrilldown extension versions through 1.37.2 Description: The issue allows SQL injection with certain '-' and ' ' constraints. Recommendations: For MediaWiki SemanticDrilldown extension versions through 1.37.2, update to a...

CVSS 9.8 · AI score 6.7 · EPSS 0.22699
Exploits 27 · References 103
ATTACKERKB
added 2022/03/29 3:15 p.m. · 3 views

CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5...

CVSS 8.6 · AI score 6.6 · EPSS 0.00504
Exploits 1 · References 6