5921 matches found
CVE-2026-33137
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...
CVE-2026-9136
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updateAssistant and createAssistant handlers in the assistant service. An attacker can reassign an assistant to a...
kernel: net: af_can: do not leave a dangling sk pointer in can_create()
In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create(). On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on ‘action_data.var_ref_idx’. When generating a synthetic event with many parameters and then creating a trace action for it [1], a kernel panic occurred [2]. This occurs because in trace_action_create(),...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Do not free the qgroup space unless specified. Boris noticed during his simple quota testing that there was a leak caused by Sweet Tea’s change to the subvol create function, which would stop a transaction commit. This...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the xid leak in cifs_create(). If the cifs function has already been shut down, we should release the xid before returning; otherwise, the xid will be leaked...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fixed a use-after-free issue when volume creation failed. There is a use-after-free problem related to ‘eba_tbl’ in the error handling code of ubi_create_volume(). The relevant code is as follows:...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hci_conn: Fixed a crash that occurred during hci_create_cis_sync. When attempting to connect multiple ISO sockets without using DEFER_SETUP, the following crash may occur: BUG: KASAN: Null pointer dereferencing in...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a potential double-free issue in create_var_ref(). In create_var_ref(), init_var_ref() is called to initialize the fields of the ref_field variable. This variable is allocated in the previous function call, to create_hist_field()...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a memory leak in the create_process failure. Fixed a memory leak caused by a leaked mmget reference in an error handling code path, which is triggered when attempting to create KFD processes while a GPU reset i...
Astra Linux - vulnerability in xorg-server
A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Fixed the handling of large file sizes in NFSv3 SETATTR/CREATE procedures. iattr::ia_size is a loff_t; therefore, these NFSv3 procedures must be careful to handle incoming client size values that are larger than S64_MAX...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Set the send and receive CQ pointers before forwarding them to the driver. Preset both receive and send CQ pointers prior to calling the drivers, and overwrite them again until the mlx4 is changed. Do not overwrite...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fixed a memory leak in vkms_init. A memory leak was reported after the vkms module installation failed. An unreferenced object with an ID of 0xffff88810bc28520 size 16 was involved: Command: modprobe, PID: 9662, Jiffies:...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: An overflow issue was addressed in the bitmap_ip_create function. When first_ip is 0, last_ip is 0xFFFFFFFF, and the netmask is 31, the value of an arithmetic expression 2 netmask - maskbits - 1 is susceptible to...
Astra Linux - vulnerability in linux-5.15
An out-of-bounds memory read flaw was discovered in the parse_lease_state function within the KSMBD implementation of the in-kernel Samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command along with a malformed payload to KSMBD, due to a lack of checks on the NameOffset...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: hsr: avoided possible NULL dereference in skb_clone. The syzbot encountered a crash [1] in skb_clone, caused by a bug in hsr_get_untagged_frame. When/if create_stripped_skb_hsr returns NULL, we must not attempt to call skb_clone...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: MIPS: SGI-IP27: Fixed a platform-device leak in bridge_platform_create. In the error case when calling bridge_platform_create after calling platform_device_add/platform_device_add_data/platform_device_add_resources, release the failed ‘pdev’...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Added functions to register and unregister callback functions for the vblank register. We encountered a kernel panic issue where callback data would become NULL when used in the ovl irq handler. There is a timing...