Astra Linux – Vulnerability in ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through libavutil/imgutils.c:353:9 in the imagecopyplane function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: The sysfsemitat function was used in securebootfusestateshow. A warning is displayed when running the latest kernel on a BlueField SOC: 251.512704 ------------ Cut here ------------ 251.512711 Invalid sysfsemit:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rcv: Fixed a kernel crash caused by PRSETTAGGEDADDRCTRL. When the user space performs PRSETTAGGEDADDRCTRL, but the Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc:...

Astra Linux – Vulnerability in Linux, Linux 5.10, Intel-Microcode

Incomplete cleanup in certain special register write operations for some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fixed a race condition during abort for file descriptors fput does not actually call fileoperations’ release method synchronously. Instead, it places the file in a work queue and releases it eventually. This is generally...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-host: The proper IRQ domain must be passed to generichandledomainirq. Starting with the commit dd26c1a23fd5 “PCI: rcar-host: Switch to msicreateparentirqdomain”, the MSI parent IRQ domain is set to NULL because the obje...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: fixed a null dereference issue when inserting elements There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: General protection fault, likely due to an non-canonical address...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: The error code in mchpeicdomainalloc has been fixed. If irqdomaintranslatetwocell sets “hwirq” to = MCHPEICNIRQ 2, it may lead to an out-of-bounds access. The code checks for invalid values, but does not set the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igc: Fixed kernel panic during ndotxtimeout callback The Xeon validation group has conducted some load tests with various hardware configurations. They observed that transmit queue timeouts occurred during these tests. This cause...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: btrfssetheadergeneration must not be moved to after cleantreeblock, because cleantreeblock calls btrfsheadergeneration from commit 55c69072d6bd5be1 “Btrfs: Fix extentbuffer usage when nodesize != leafsize”. In...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fixed the issue of “not skipping locked entries when scanning entries” The commit 6be3e21d25ca “fs/dax: not skipping locked entries when scanning entries” introduced a new function, waitentryunlockedexclusive, which waits...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: orangefs: The issue with memory leaks in orangefskernel,clientdebuginit was fixed. When the orangefs module is inserted or removed, memory leaks occur as follows: unreferenced object 0xffff88816b0cc000 size 2048: comm "insmod", p...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed issues with dfs-radar and temperature event locking. The ath12k active PDevs are protected by RCU, but the code responsible for handling DFS-radar and temperature events, which calls ath12kmacgetarbypdevid...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fixed the overflow bug in musbgadget.c The musbgadgetqueue function calls the USB function device. This function adds the passed request to musbep::reqlist. If request-length musbep-packetsz and isbuffermappedreq retur...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: fec: A potential issue related to NPD has been fixed in fecenetPhyResetAfterclkEnable. The function phyfinddevice may return NULL. Therefore, we need to be careful when dereferencing phydev...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘media: v4l2-ctrls: show all owned controls in logstatus’”. This change is reflected in commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: Wed May 8 10:02:06 2024 Possibl...

Fedora 45 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-e212182e6e)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-e212182e6e advisory. nginx-mod-brotli: - Rebuild for 1.30.3 nginx-mod-fancyindex: - Rebuild for 1.30.3 nginx-mod-modsecurity: - Rebuild for 1.30.3 nginx-mod-headers-more...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]

Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

GHSA-R253-R9JW-QG44

creationtimestamp| type| source ---|---|--- 2026-06-18 18:41:53+00:00| seen| https://gist.github.com/alon710/41babc051db96b1507f3fb804d7012be 2026-06-18 18:51:38+00:00| seen| https://gist.github.com/alon710/3807d480d537cf9538209dc130bd58ae 2026-06-18 19:02:49+00:00| seen|...

WordPress Classified Listing – AI-Powered Classified ads & Business Directory plugin <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Feature Modification vulnerability discovered by Ben Tamam Ben Tamam in WordPress Plugin Classified Listing versions = 5.4.2...