
28 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/smc: corrected the incorrect list_del in smc_lgr_cleanup_early. The function smc_lgr_cleanup_early was supposed to delete the link group from the link group list, but it accidentally deleted the list head. This could lead to memory...

CVSS 7.8, AI score 5.8, EPSS 0.00021
Exploits 0, References 2
EUVD
added 2026/04/22 6:31 p.m., 1 views

EUVD-2026-25018

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...

CVSS 4.4, AI score 5.8, EPSS 0.00015
Exploits 1, References 2
Vulnrichment
added 2026/04/22 4:8 p.m., 2 views

CVE-2026-35370 uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...

CVSS 4.4, AI score 5.8, EPSS 0.00015
Exploits 1, References 1
Github Security Blog
added 2026/04/01 12:10 a.m., 3 views

CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Group / Role Management Fields Administrative Context Execution - Stored Cross-Site Scripting via Unsanitized Group / Role Management Inputs Description The application fails to properly sanitize user-controlled input within group and role management...

CVSS 9.1, AI score 6, EPSS 0.00025
Exploits 1, References 3, Affected Software 1
OSV
added 2026/03/13 7:54 p.m., 3 views

UBUNTU-CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits 0, References 5
SUSE CVE
added 2025/12/31 12:25 a.m., 1 views

SUSE CVE-2023-54318

In the Linux kernel, the following vulnerability has been resolved: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add While doing smcr_port_add, there maybe linkgroup add into or delete from smc_lgr_list.list at the same time, which may result kernel crash. So, use...

CVSS 5.5, AI score 6.5, EPSS 0.00022
Exploits 0, References 17
Cvelist
added 2025/12/30 12:23 p.m., 19 views

CVE-2023-54318 net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add

In the Linux kernel, the following vulnerability has been resolved: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add While doing smcr_port_add, there maybe linkgroup add into or delete from smc_lgr_list.list at the same time, which may result kernel crash. So, use...

EPSS 0.00022
Exploits 0, References 5
Microsoft CVE
added 2025/09/13 8:1 a.m., 1 views

PCI: endpoint: Fix configfs group list head handling

...

CVSS 7.8, AI score 6.8, EPSS 0.00024
Exploits 0
NVD
added 2025/09/11 5:15 p.m., 1 views

CVE-2025-39783

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs is not correct as this field is a list head, not a list entry. This list_del call triggers a KASA...

CVSS 7.8, EPSS 0.00024
Exploits 0, References 12
OSV
added 2025/05/09 7:16 a.m., 3 views

AZL-70141 CVE-2025-37856 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: harden block_group::bg_list against list_del races As far as I can tell, these calls of list_del_init on bg_list cannot run concurrently with btrfs_mark_bg_unused or btrfs_mark_bg_to_reclaim, as they are in transaction error paths and...

CVSS 5.5, AI score 6.3, EPSS 0.00052
Exploits 0, References 1
OSV
added 2025/05/09 7:16 a.m., 0 views

UBUNTU-CVE-2025-37856

In the Linux kernel, the following vulnerability has been resolved: btrfs: harden block_group::bg_list against list_del races As far as I can tell, these calls of list_del_init on bg_list cannot run concurrently with btrfs_mark_bg_unused or btrfs_mark_bg_to_reclaim, as they are in transaction error paths and...

CVSS 5.5, AI score 6.1, EPSS 0.00052
Exploits 0, References 26
CNNVD
added 2025/05/09 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention condition in the btrfs block group list operation, which could result in an abnormal list...

CVSS 5.5, AI score 6.5, EPSS 0.00052
Exploits 0, References 4
Positive Technologies
added 2025/03/18 12:0 a.m., 2 views

PT-2025-20507

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the btrfs module, where the block_group::bg_list was not properly hardened against list_del races. This issue could...

CVSS 5.5, AI score 6.5, EPSS 0.00052
Exploits 0
Tenable Nessus
added 2025/03/05 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-49938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modify their extended group list that is used...

CVSS 8.2, AI score 7.3, EPSS 0.0032
Exploits 0, References 3
Veracode
added 2023/12/19 10:11 a.m., 37 views

Improper Access Control

libslurm.so is vulnerable to Improper Access Control. The vulnerability exists due to improper restrictions in the user-group list, which allow an attacker to perform unauthorized actions by modifying their extended group list...

CVSS 8.2, AI score 6.7, EPSS 0.0032
Exploits 0, References 6, Affected Software 2
BDU FSTEC
added 2022/07/01 12:0 a.m., 0 views

The vulnerability of the /admin/group/list/ component of the TrueConf Server allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the /admin/group/list/ component of the TrueConf Server relates to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 4, EPSS 0.00281
Exploits 1, References 4, Affected Software 1
OSV
added 2022/06/29 5:15 p.m., 0 views

CVE-2017-20116

A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting Reflected. It is possible to launch the attack remotely. T...

CVSS 5.4, AI score 4.5
Exploits 0, References 2
CNNVD
added 2022/05/06 12:0 a.m., 1 views

piwigo SQL injection vulnerability

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. piwigo admin/group_list.php has a SQL injection vulnerability that can be exploited by attackers to delete via the group parameter...

CVSS 4.9, AI score 5.6, EPSS 0.00256
Exploits 1, References 2
BDU FSTEC
added 2022/04/28 12:0 a.m., 1 views

The vulnerability of the group_list component of the Advantech R-SeeNet monitoring software allows a hacker to execute arbitrary SQL queries.

The vulnerability of the “ord” parameter in the group_list component of the Advantech R-SeeNet monitoring software for routers is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remote...

CVSS 9, EPSS 0.0162
Exploits 1, References 4
BDU FSTEC
added 2021/12/24 12:0 a.m., 0 views

The vulnerability of the “company_filter” parameter in the group_list page of the monitoring software for the functions and states of Advantech R-SeeNet routers allows a perpetrator to execute cross-site scripting attacks.

The vulnerability of the “company_filter” parameter on the group_list page of the monitoring component of the Advantech R-SeeNet router management software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to perform...

CVSS 7.7
Exploits 0, References 3