GHSA-JR54-JWHJ-55GP NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

PT-2026-46998

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

PT-2026-46881

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

PT-2026-46848

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fixed the leak of rcvhdrtaildummykvaddr. This buffer is currently allocated in hfi1init. c if reinit ret = initafterresetdd; else ret = loadtimeinitdd; if ret goto done; / Allocate dummy tail memory for all receive...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: The dummy regulator must be checked before being used. Due to asynchronous driver probing, there is a possibility that the dummy regulator may not have been checked when accessed for the first time...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83793 Fixed NULL pointer dereferencing by removing unnecessary structure fields. If the driver reads a temporary value that satisfies the following conditions: tmp & 0x08 && !tmp & 0x80 && tmp & 0x7 == tmp 4 & 0x7 from th...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fixed a use-after-free in sndsocexit KASAN reported a use-after-free: BUG: KASAN: Use-after-free in devicedel+0xb5b/0xc60 A size 8 byte read at address ffff888008655050 was performed by the task rmmod/387. CPU: 2; PID...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid dividing by zero by initializing the dummy pitch to 1. Why If the dummy values in populatedummydmlsurfacecfg are not updated, they can lead to a division by zero in downstream calls such as...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat complex history. The synchronization mechanism was introduced in commit 7dbd8f4cabd9...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83792d Fixed NULL pointer dereferencing by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7 NULL pointer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: sn-f-ospi: Fix for division by zero When there is no dummy cycle in the spi-nor commands, both the dummy bus cycle bytes and the width are zero. Due to the CPU’s warning when dividing by zero, this situation should be avoide...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes, a NULL pointer dereference occurs during boot time in the kobjectget function, with the following call stack: anatopregulatorprobe, devmregulatorregister, regulatorregister,...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed handling of dummy receive descriptors. A memory leak caused by improper handling of dummy receive descriptors was also fixed. iavfgetrxbuffer now sets the rxbuffer return value for dummy receive descriptors. Without...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: A fix was added to avoid a division error. For some SPI flash memory operations, dummy bytes are not required. For example, in Winbond SPINAND flash memory devices, the writecache and updatecache operations do not...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iio: core: Prevent invalid memory access when there is no parent device. The commit 813665564b3d “iio: core: Convert to use firmware node handle instead of OF node” changed the type of nodes used for label retrieval in device...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83791d Fixed NULL pointer dereferencing by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7 NULL pointer...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfc: pn533: Wait for outurb’s completion in pn533usbsendframe A use-after-free issue occurred in hcd when the inurb sent from pn533usbsendframe was completed earlier than outurb. The callback in pn533sendComplete frees the skb...