3099 matches found
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...
GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration
Summary: Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details: When storage.delete.enabled is configured to false,...
CVE-2026-3504
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...
CVE-2026-41925
CVE-2026-41925 affects WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi reboot_time function is vulnerable to OS command injection: unauthenticated remote attackers can inject shell commands via the reboot_time POST parameter when reboot_enabled=1, enabling remote code executio...
CVE-2026-41925
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter. Attacke...
PT-2026-37158
Name of the Vulnerable Software and Affected Versions: Distribution versions prior to 3.1.1. Description: An authorization bypass exists where tag deletion via the "/v2//manifests/" endpoint ignores the storage.delete.enabled: false configuration. This allows any API client to remove tags from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rv: enabled_monitors should be fully converted to using struct list_head as the iterator. The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor, while others treat the iterator as...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: lib/test_kho: Check whether KHO is enabled. We must check whether KHO is enabled before issuing KHO commands; otherwise, the KHO internal data structures will not be initialized...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix for panic due to PSLVERR. When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fixed deadlock with the SPI chip variant. When SMP is enabled and spinlocks are actually functional, there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: Watchdog: BUG: Soft lock...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT dependent on !RUST or Rust = 1.88. Calling core::fmt::write from Rust code while FineIBT is enabled results in a kernel panic: 4614.199779 Kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343...
Astra Linux – Vulnerability in Thunderbird
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive Chrome-level privileges; however, it could be used as a stepping stone for further attacks involving other vulnerabilities. This vulnerability affects...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Prevent lock inversion deadlock in mapdeleteelem operation. The syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Since BPF tracing programs can be invoked fr...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RISCV: Fixed sleeping in an invalid context in die. Die can be called in an exception handler, and therefore cannot sleep. However, die takes spinlock_t, which can sleep when PREEMPT_RT is enabled. This causes the following warning...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: The userfaultfd_api function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we will fail silently and return all available features. However, the manual...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed UAF (use-after-free) issues when detecting digest errors. We should also exit the io_work loop when setting rd_enabled to true, so that we do not attempt to read data from the socket when the TCP stream is already...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled. A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing is enabled. This causes a divide-by-zero error in the driver,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘drm/amd/pm: resolve reboot exception for si oland’” This fix is reflected in commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. This issue causes hangs on SI when DC is enabled, and errors occur during driver-related reboo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The value of UnboundedRequestEnabled was checked. The UnboundedRequestEnabled parameter in CalculateSwathAndDETConfiguration_params_st is a pointer, i.e., dml_bool_t *UnboundedRequestEnabled. Therefore, if...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme: Fixed a multipath crash caused by the flush request when blktrace is enabled. The flush request initialized by blk_kick_flush has a NULL bio. This issue may be addressed during the nvme_end_req operation during io completion...