8149 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortexa76erratum1463225debuggerHandler function is called when handling debug exceptions and synchronous exceptions from BRK instructions. If the compiler does not inline...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/slab: Added alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be observed: 3959.023862 ------------ Cut here ------------ 3959.023891 alloctag was not...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in respmodeselect+0xa4c/0xb40 drivers/scsi/scsidebug.c:2509...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fixed a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS are selected, cpumaxbitswarn generates a runtime warning similar to the following, while we display /proc/cpuinfo. This...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/lima: Fix for shared interrupt handling during driver removal. lima uses a shared interrupt; therefore, the interrupt handlers must be prepared to be called at any time. During driver removal, the clocks are disabled early, b...
Astra Linux - уязвимость в binutils
A vulnerability was discovered in GNU Binutils 2.44 and is classified as problematic. This issue affects the processdebuginfo function in the binutils/dwarf.c file, within the DWARF Section Handler component. The vulnerability results in a memory leak. Local attacks are required to exploit this...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mm/debugvmpgtable: Clear page table entries at destroyargs The mm/debugvmpagetable test manually allocates page table entries for the tests it runs, using its manually allocated mmstruct. This is fine on its own, but when it exit...
Astra Linux - уязвимость в python-oslo.utils
A flaw was discovered in python-oslo-utils. Due to improper parsing, passwords that contain double quotes " cause incorrect masking in debug logs, resulting in any part of the password after the double quote being displayed as plain text...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021531)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021531 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct...
PT-2026-42261
Name of the Vulnerable Software and Affected Versions amazon-mq rabbitmq-aws versions prior to 0.2.1 Description Active debug code in the ARN resolver allows remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. This occurs because the 'PUT...
Algernon: Single-file mode unconditionally enables debug mode
Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
GHSA-FWQX-8365-9983 Algernon: Single-file mode unconditionally enables debug mode
Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
ALPINE-CVE-2026-23557
Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...
CVE-2026-23557
Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...
CVE-2026-23557
Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...
EUVD-2026-30925
Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...
kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpurun loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpurun loop to fix a bug where KVM can load hardware with a stale...
PT-2026-41970
Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
CVE-2026-41948
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...