9212 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iavf: Freeing qvectors before queues in iavfdisablevf. The iavffreequeues function clears adapter-numactivequeues, which iavffreeqvectors relies on. Therefore, the order of these two function calls in iavfdisablevf needs to be...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thawnoirq hook. The following warning is observed when using non-console UART instances during system hibernation: 37.371969 ------------ Cut here --- 37.376599 uart3rootclk already disabled 37.38081...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, deactivate /gfx which is enabled by default; instead,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fixed a use-after-free issue during delayed work when removing a device. The delayed work item, otgevent, is initialized in fslotgconf and scheduled under two conditions: 1. When a host controller binds to the...
Astra Linux – Vulnerability in rabbitMQ-server
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI through the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disabled the unnecessary interrupt to prevent kernel panic. There is a hardware bug where the interrupt STMBUFHALF may be triggered after or when the interrupt is disabled. This can lead to unexpected kernel pani...
Astra Linux – Vulnerability in Bacula
In Bareos Director versions 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow vulnerability allows a malicious client to corrupt the director’s memory by sending overly large digest strings during the initialization of a verify job. Disabling verify jobs can mitigate this problem. This issue h...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: Disable timeout handling If a timeout occurs, it can lead to incorrect data on the I2C bus and/or memory corruption in the guest, since the device can still be operating on the buffers it was given, even after the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fixed the issue where memory was disabled if the DVSEC CXL range did not match a CFMWS window. The Linux CXL subsystem is based on the assumption that HPA == SPA. That is, the host physical address HPA of HDM decoder...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ila: blocking BH in ilaoutput As explained in commit 1378817486d6 “tipc: blocking BH before using dstcache”, the net/core/dstcache.c helper functions need to be called with blocking BH disabled. ilaoutput is called from...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnvphp: Fixed the hotplug driver crash on Powernv The hotplug driver for powerpc pci/hotplug/pnvphp.c causes a kernel crash when attempting to hot-unplug or disable the PCIe switch/bridge from the PHB. The crash occur...
CVE-2025-53114
CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...
CVE-2025-53114
Affected software: CometD server implementations. A vulnerability arises when clients consistently set ext.ack to 1 during /meta/connect while the acknowledgement extension is enabled, causing the unacknowledged message queue to grow without bound and potentially trigger OutOfMemoryError. Affecte...
CVE-2025-53114 CometD has acknowledgement extension out of memory
CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...
CVE-2026-34355
A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system. Mitigation Disable the modproxyhtml module if...
CVE-2026-50141
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...
EUVD-2026-37897
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...
CVE-2026-50141
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...
EUVD-2026-37554
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DEBIAN-CVE-2026-6733
Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...