Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Staging: vt6655 – Fixed some erroneous memory cleanup loops. In some initialization functions of this driver, memory is allocated using ‘i’ as an index variable, with the value increasing from 0. The “Fixes” section includes...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize freeqp completion before using it. In irdmacreateqp, if ibcopytoudata fails, it will call irdmadestroyqp to clean up. This process will attempt to wait for the completion of freeqp, but freeqp has not yet...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb – fix an invalid memory access If the croseckeybregistermatrix function is not called due to “buttonsswitchesonly” in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access occurs in croseckeybproces...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register the event handler until the srpt device is fully set up. In rare cases, KASAN reports a use-after-free error in the srptrefreshport function. This appears to occur because the event handler is registere...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Performing early GT MMIO initialization to read the GMDID. VFs need to communicate with the GuC to obtain the GMDID value. Existing GuC functions that use this information assume that the GT has already set up its MMIO...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021607 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spinunlockirqrestore called with IRQs enabled Fix missuse of...

PT-2026-42057

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021642 advisory. In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tptunnelregister The code in l2tptunnelregister is racy in...

Linux Distros Unpatched Vulnerability : CVE-2026-43369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to...

Linux Distros Unpatched Vulnerability : CVE-2026-43312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe,...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021654 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2getinitinode fails syzbot is reporting busy inodes after unmount, for...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021559 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfbinit fails When the default qdisc is sfb, ...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021528)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021528 advisory. In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021565)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021565 advisory. In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid maxflowrings from dongle When firmware hit trap at...

webkitgtk: Processing maliciously crafted web content may disclose internal states of the app

A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the GenFileChangeEvents handler. An attacker can obtain continuous access to sensitive file and directory information by connecting to the SSE endpoint without authentication. Remediation...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the getKnowledgeBaseForInitialization function. An attacker can gain unauthorized access to knowledge base data and potentially modify or disrupt information by manipulating the kbId...

CVE-2026-8786

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

EUVD-2026-30730

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

CVE-2026-8786 Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...