20 matches found
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ceph: Do not leak snap_rwsem when handle_cap_grant is called on an IMPORT operation. When handle_cap_grant is called on an IMPORT operation, the snap_rwsem resource is held, and the function is expected to release it before returning...
CVE-2026-3550
CVE-2026-3550 – RockPress (WordPress) vulnerability : RockPress
CVE-2026-30832
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...
GHSA-VCWH-PFF9-64CC RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation
Summary: The ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions (creating/updating users, groups, policies, and...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992875)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992875 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then...
JLSEC-2025-200 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by ...
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import...
EUVD-2012-6211
Malware in sbrugna...
EUVD-2022-55330
Malicious code in bioql PyPI...
SUSE CVE-2022-50059
In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwsem is held and the function is expected to release it before returning. It currently fails to do that in all cases which...
DEBIAN-CVE-2022-50059
In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwsem is held and the function is expected to release it before returning. It currently fails to do that in all cases which...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the handle_cap_grant function not releasing snap_rwsem during an IMPORT operation, which could lead to a deadlock...
CVE-2024-23355
CVE-2024-23355 describes memory corruption in the keymaster subsystem when a shared key is imported. Public references point to Qualcomm/Android ecosystems (Keymaster) with a local attack vector, low privileges required and no user interaction, but no concrete fix version is specified in the prov...
PT-2024-19834 · Keymaster · Keymaster
Name of the Vulnerable Software and Affected Versions: Keymaster (affected versions not specified). Description: The issue is related to memory corruption that occurs when a keymaster operation imports a shared key. Recommendations: At the moment, there is no information about a newer version that...
DEBIAN-CVE-2020-10941
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import...
Atlassian JIRA Server Security Bypass Vulnerability
Atlassian JIRA Server is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of problems and defects in the work. A security vulnerability exists in Atlassian JIRA Server including JIRA Core versions 7.6.0, 7.7.0, and 7.8.0 in a...
CVE-2018-7472
INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations...
Configuration Update Manager - Moderately critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2017-091
The Configuration Update Reports sub-module in the Configuration Update module project enables you to run reports to see what configuration on your site differs from the configuration distributed by a module, theme, or installation profile, and to revert, delete, or import configuration. This...
CVE-2012-6356
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation...
CVE-2012-6356
CVE-2012-6356 affects IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5. The vulnerability allows remote authenticated users to escalate privileges via vectors related to an import operation. The available sources (NVD entry and related recor...
CVE-2012-6356
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation...