8657 matches found
CVE-2026-42782
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...
CLSA-2026-1779467653 libssh: Fix of 4 CVEs
CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekey_from_file path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...
Insecure Default Initialization of Resource
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new should always initialize the iterator. BPF programs may call next and destroy on BPF iterators even after new returns an error value e.g., the bpf_for_each macro ignores error returns from new...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Fork: Defer linking of vma until vma is fully initialized. Thorvald reported a WARNING 1. The root cause of the issue lies in a race condition: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fixed a crash that occurred due to the removal of an uninitialized entry. A crash occurred when trying to remove the conntrack entry from the hash bucket list: exception RIP: nfctdeletefromlists+172 .. 7...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: fix time stamp counter initialization If the gs_usb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls the struct usb_driver::disconnect function, and then the struct...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ICE: Fix for the crash in the ethtool offline loopback test. Since the conversion of ICE to page pool, the ethtool loopback test crashes. BUG: Kernel NULL pointer dereference, address: 000000000000000c PF: Supervisor write access...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one: fixed the issue of missing CAN header initialization. The read access to struct canxl_frame::len within a j1939 object revealed that the reserved elements in struct can_frame were not properly initialized...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtw89 – Fixed a potential race condition between napi_init and napi_enable. A race condition can occur if netdev is registered, but NAPI is not initialized yet. Meanwhile, the user space starts the netdev that will enable...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: stmmac: Clearing the variable when destroying the workqueue Currently, when suspending the driver and stopping the workqueue, it is checked whether workqueue is not NULL. If it is NULL, the workqueue is destroyed. The function...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid a memory leak in f2fs_rename. syzbot reported the following bug: BUG: Memory leak Unreferenced object: 0xffff888127f70830 size 16: Command: “syz.0.23”, PID 6144, jiffies 4294943712 Hex dump first 16...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the missing initialization of the mrioc->evtack_cmds array. The commit c1af985d27da “scsi: mpi3mr: Add Event acknowledgment logic” introduced an array mrioc->evtack_cmds, but the initialization of its elements was...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: um: line: always fill error_out in setup_one_line The pointer is not initialized by the callers, but I’ve encountered cases where it is still printed; initialize it in all possible cases within setup_one_line...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Media: ti-vpe: cal: Fixed a NULL pointer dereference in cal_ctx_v4l2_init_formats In cal_ctx_v4l2_init_formats, devm_kzalloc is assigned to ctx->active_fmt, and there is a dereference of it afterward. This could lead to a NULL pointer...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: media: vidtv: Fixed a null pointer dereference in vidtv_mux_stop_thread. A report from syzbot indicated a null pointer dereference in vidtv_mux_stop_thread. 1 If dvb->mux is not initialized successfully by vidtv_mux_init during...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Start the MHI channel after endpoint creation The MHI channel may generate an event/interrupt right after enabling. This can lead to two race condition issues: 1 Such events may be dropped by the qcom_mhi_qrtr_dl_callback...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mctp: Fixed an error handling path in mctp_init. If mctp_neigh_init returns an error, the route resources should be released during the error handling path. Otherwise, some resources may be leaked...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsync_entry_slab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fixed an underflow issue related to the real_dev refcnt. An error is injected before dev_hold(real_dev) in register_vlan_dev, and the following testcase is executed: bash ip link add dev dummy1 type dummy ip link add name...