Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fixed the dereferencing of a null pointer in hcisyncconnCompleteEvt. This event is only specified for SCO and eSCO link types. When receiving a HCISynchronousConnectionComplete event for a BDADDR of an existing LE...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management command NOP OUT to the device to recover the link. If this command times out and clearing the device...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: fixed a crash in setmeshsync and setmeshcomplete. There is a bug: KASAN: a stack-out-of-bounds issue in setmeshsync, caused by memcpy from a poorly declared on-stack flexible array. Another crash occurs in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fixed a race condition related to the per-CQ variable napiworkdone. After calling napicompletedone, the NAPIFSTATESCHED bit may be cleared, allowing another CPU to start a napi thread and access the per-CQ variable...

CLSA-2026-1778856286 vim: Fix of CVE-2026-34982

CVE-2026-34982: fix vim modeline sandbox bypass via complete/guitabtooltip/printheader options and mapset...

CVE-2026-43322

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

MAL-2026-3789 Malicious code in jenkins-forge-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3120a240b8c41b579052ef41d9ced1b143fa654155901c8ac183b99cd99b83e4 The package jenkins-forge-app was found to contain malicious code. Source: ghsa-malware...

CVE-2025-62309

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields.

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

EUVD-2025-209850

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

CVE-2025-62309

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

CVE-2025-62309

Technical details about CVE-2025-62309 are not publicly available in the provided documents. Monitor for updates.

CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields.

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

PT-2026-40952

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

SUSE CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

SUSE CVE-2026-43004

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove callback The remove callback returned early if pmruntimeresumeandget failed, skipping the cleanup of spi controller and other resources. Remove the early return so cleanup completes...

SUSE CVE-2026-43059

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs" introduced mgmtpendingvalid, which not only validates the pending command but also unlinks it from...