CVE-2026-6292
CVE-2026-6292 affects the WordPress plugin MP Customize Login Page (versions ≤ 1.0). The issue is a CSRF vulnerability caused by a broken nonce validation in enter_mpclp_login_options() (inverted wp_verify_nonce() check and missing action parameter) and a settings-update handler hooked on init wi...
CVE-2026-6292 MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update
The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is due to a completely broken nonce validation in the enter_mpclp_login_options function, which contains an inverted check if wp_verify_nonce... return false;...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access (RDMA) subsystem, specifically within the rxe driver. An error in the rxe_srq_from_init function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Drivers: Net: qlcnic: A potential memory leak has been fixed in qlcnic_sriov_init. If the vpalloc function fails in qlcnic_sriov_init, all previously allocated vp resources must be freed...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: A memory leak has been fixed in dwc3_qcom_interconnect_init. of_icc_get allocates resources for the path handle, and these resources should be released when they are no longer needed. This should be done similarly in...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cpufreq: The completion function is called before kobject_init_and_add. In cpufreq_policy_alloc, the uninitialized completion function is called in cpufreq_sysfs_release when kobject_init_and_add fails. This will cause a crash, such as a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: usb: dwc3-meson-g12a: Fixed an issue where the USB2 PHY glue initialization was performed when PHY0 was disabled. When only PHY1 is used (for example, on Odroid-HC4), the regmap initialization code uses USB2 ports without...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: static_call: Properly handle module initialization failures in static_call_del_module. Module insertion invokes static_call_add_module to initialize the static calls within a module. static_call_add_module calls __static_call_init, which...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Fuse: Abort on fatal signal during sync init. When sync init is used and the server exits for some reason (e.g., error, crash), the filesystem creation will hang during the processing of FUSE_INIT. The reason for this issue is that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clsact: Fixed a use-after-free issue in the init/destroy rollback asymmetry. A use-after-free occurred when initializing or destroying a clsact instance during the rollback process. This issue was addressed by first fully...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In md/raid10, the issue of null-ptr-deref in raid10_sync_request has been fixed. In init_resync, the mempool is initialized, and conf->have_replacement is set to 0 at the beginning of the sync process. close_sync frees the mempool when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/Mellanox: mlxbf-pmc – added sysfs_attr_init to count_clock initialization. The lock-related debugging logic (CONFIG_LOCK_STAT) in the kernel issues the following warning when the BlueField-3 SOC is booted: BUG: The key...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the tty module, for the serial subsystem, there is an issue where the uartlite driver is registered within the init function. When two instances of the uart device are being probed, a concurrency race may occur. If one thread...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: A possible memory leak has been fixed in stmmac_dvr_probe. The bitmap_free function should be called to release priv->af_xdp_zc_qps when create_singlethread_workqueue fails. Otherwise, a memory leak will occur. Therefore, we...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Added a check for the return value of get_zeroed_page. Also, added a check for the return value of get_zeroed_page in sclp_console_init to prevent null pointer dereferencing. Furthermore, to address the memory leak caused by...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: fixed out-of-bounds access in ops_init. The net_alloc_generic function is called by net_alloc, which does not use any locking mechanisms. It reads max_gen_ptrs, which is modified under the pernet_ops_rwsem context. This reading occur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: amdkfd: The gang_ctx_bo memory is properly freed when attempting to initialize the user queue. The destructor of a gtt bo is declared as: void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj); This function takes void** as...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: sched: cake: Fixed an issue where a null pointer access occurred when cake_init failed. When the default qdisc is cake, if the qdisc of dev_queue fails to initialize during mqprio_init, cake_reset is called to clear resources...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up si_domain in the init_dmars error path. A splat from kmem_cache_destroy was observed in a previous version of the kernel commit ee2653bbe89d, “iommu/vt-d: Remove domain and devinfo mempool” when there was a failur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: nuvoton: Fixed an error check in npcm_video_ece_init. When the function of_find_device_by_node fails, it returns NULL instead of an error code. Therefore, the corresponding error check logic should be modified to check whether the...