9198 matches found
OESA-2026-2732 mariadb security update
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...
EUVD-2026-38716
In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...
CVE-2026-56117 dhcpcd Heap Use-After-Free via Control Socket Handling
dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...
CVE-2026-56117
CVE-2026-56117: dhcpcd up to version 10.3.2 contains a local heap use-after-free in the control socket handling (src/control.c). The root cause is that control_recvdata() can free the client object while a subsequent READ+HANGUP event reaches control_hangup() with a stale pointer, enabling memory...
PT-2026-51626
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...
Oracle Linux 8 : firefox (ELSA-2026-27717)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-27717 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.12.0 -...
CVE-2026-47203
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a race condition when deleting the quota root from the “dirtycowonlyroots” list. When disabling quotas, we delete the quota root from the fsinfo-dirtycowonlyroots list without locking it, which requires the protectio...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bridge: cfm: Fixed a race condition in the peermep deletion process. When a peer MEP is being deleted, the canceldelayedworksync function is called on ccmrxdwork before freeing the object. However, brcfmframerx runs in a softirq...
Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: fec: removed .ndopollcontroller to avoid deadlocks. A deadlock issue was found in the sungem driver. Please refer to the commit ac0a230f719b “eth: sungem: removed .ndopollcontroller to avoid deadlocks”. The root cause of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm: renesas: rz-du: mipidsi: Fixed a kernel panic that occurred when rebooting certain panels. Since commit 56de5e305d4b “clk: renesas: r9a07g044: Added MSTOP for RZ/G2L”, we may encounter the following kernel panic when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: The issue where the isbpfmigrationdisabled function returned a false negative result when config PREEMPTRCU was not enabled was fixed. Since the commit 8e4f0b1ebcf2 “bpf: use rcureadlockdontmigrate for trampoline.c”, th...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: veth: The GRO flag is cleared when XDP is disabled, even when the device is disabled. The NETIFFGRO flag is set automatically when XDP is enabled, because both features use the same NAPI mechanism. The logic for clearing the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver, along with the ad7091r-base driver. These drivers declare iio events to notify user space when ADC readings fall...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fix for the asyncdisable descriptor leak The paths for disabling asyncdisable in functions like iaacompress and decompress do not free the idxd descriptors when asyncdisable is set. Currently, this issue only occurs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Only IB representatives are reloaded when lag is disabled/enabled. When lag is disabled, the bond’s IB device, along with all its representatives, are destroyed. Then, the slaves’ representatives are reloaded. If the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in the port.c file: the disablestore function may return NULL if the hub to which the port belongs is removed concurrently...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a race condition between quota rescan and disabling quotas, which could lead to a NULL pointer derefrence. If one task attempts to start the quota rescan worker while another task attempts to disable quotas, we can e...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: Set nocfi on swsusparchresume A DABT was reported1 on an Android-based system when resuming from hibernation. This occurs because swsusparchsuspendexit is marked with SYMCODE, and it does not have a CFI hash. However,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare the clock during runtime suspend/resume If there is any clock controller attached to this I2C bus controller, such as Versaclock or an AIC32x4 I2C codec, then an I2C transfer triggered by th...