62039 matches found
EUVD-2026-31067
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb – revert the use of devm_kzalloc in btusb This change reverts to the behavior described in commit 98921dbd00c4e “Bluetooth: Use devm_kzalloc in btusb.c file”. In btusb_probe, we use devm_kzalloc to allocate the btusb...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fixed a crash that occurred when adding an interface under a latency condition. The commit 15faa1f67ab4 “lan966x: Fixed a crash that occurred when adding an interface under a latency condition” fixed a similar...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – avoid null pointer dereference in mpi_cmp_ui During NVMe/TCP authentication, a controller can trigger a kernel oops by specifying the 8192-bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc The bnxt_queue_mem_alloc function is called to allocate new queue memory when a queue is restarted. It internally accesses the rx buffer descriptor corresponding to th...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dw_hdmi: fix connector access for scdc The commit 5d844091f237 “drm/scdc-helper: Pimp SCDC debugs” changed the scdc interface to retrieve an i2c adapter from a connector. However, in the case of dw_hdmi, the wrong...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: prevented races in ->query_interfaces() It was possible for two query interfaces to simultaneously attempt to update the interfaces. This issue can be avoided by checking and updating iface_last_update under iface_lock...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: cfg80211: Fixed a race condition in the destruction of the netlink owner interface. My previous fix to fix this issue left a race condition where the exact same deadlock situation as referred to in the original commit could still...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: The I2C_HID_READ_PENDING flag has been removed to prevent a lock-up condition. The I2C_HID_READ_PENDING flag is used to serialize I2C operations. However, this is not necessary, as the I2C core already has its own locking...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind When the device is bound, we register the HDMI codec device. However, we do not unregister it when the device is unbound, resulting in a device leakage issue. We need to unregister...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: comedi: Fixed a memory leak in compat_insnlist. compat_insnlist handles the 32-bit version of the COMEDI_INSNLIST ioctl function when CONFIG_COMPAT is enabled. It allocates memory to temporarily hold an array of struct comedi_insn...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed queue reservation for XDP When XDP was configured on a system with a large number of CPUs and X722 NIC, there was a call trace involving a NULL pointer dereference. The error message was: “i40e 0000:87:00.0: Failed...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: arm_scpi: Fixed string overflow in the SCPI genpd driver. Without the bounds checks for scpi_pd->name, a buffer overflow could occur when copying the SCPI device name from the corresponding device tree node. This occurs...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: greybus: uart: fixed the issue where tty was used after freeing it. The user space can keep a tty open indefinitely, and tty drivers must not release the underlying structures until the last user has left. Instead, use t...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in chromium
Inappropriate implementations in Extensions in Google Chrome on Windows prior to version 128.0.6613.84 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hci: fixed a null-ptr-deref in hci_read_supported_codecs Fixed __hci_cmd_sync_sk to return NOT NULL for unknown opcodes. __hci_cmd_sync_sk returns NULL if a command returns a status event. However, it also returns NULL where an...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in chromium
Inappropriate implementations in WebApp installations in Google Chrome on Windows prior to version 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check the dsbr size from the EFI variable Since the size of the struct btintel_dsbr is already known, we can simply start checking there instead of querying the size of the EFI variable. If the final result doe...