62155 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down the link before deleting the interface We can encounter a deadlock when using rmmod to remove the driver or during firmware reset. This is because the cfg80211unregisterwdev function must bring down the link f...
Astra Linux - vulnerability in chromium
A use-after-free in the Side Panel Search in Google Chrome before version 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through those interactions. Chromium security severity: High...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix for streaming cleanup upon release. The current implementation calls mxcisivideocleanupstreaming in mxcisivideorelease. This can lead to a situation where any release call such as from a simple v4l2-ctl -l may...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: i3c: mipi-i3c-hci: Fixed out-of-bounds access in hcidmairqhandler. Do not loop over ring headers in hcidmairqhandler, which are not allocated and enabled in hcidmainit. Otherwise, out-of-bounds access will occur when accessing...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads The startkthread and stopthread code was not always called with the interfacelock held. This means that the kthread variable could be unexpectedly changed causing t...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fixed improper pointer dereferencing when the error handler kthread is invalid The commit 66a834d09293 “scsi: core: Fixed error handling of scsihostalloc” changed the allocation logic to call putdevice to perform host...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: An error will occur if pixclock equals zero. The user-space program can pass any value to the driver through the ioctl interface. If the driver does not check the value of pixclock, a divide-by-zero error may occur...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in linux
An out-of-bounds memory write flaw was discovered in the Linux kernel’s joystick devices subsystem in versions prior to 5.9-rc1. This flaw allows a local user to crash the system or potentially escalate their privileges on the system. The greatest threat posed by this vulnerability is related to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: Do not reallocate the workqueue every time an interface is added. The commit 09ed8bfc5215 “wilc1000: Rename the workqueue from "WILCwq" to "NETDEV-wq"” moved the creation of the workqueue in wilcnetdevifcinit, in...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Avoid NULL dereference of btusbmtkclaimisointf In the btusbmtksetup function, we set btmtkdata-isopktintf to: usbifnumtoifdata-udev, MTKISOIFNUM. This function may return NULL in some cases. Even when ...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
An issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: There is an issue with the correct reference to the devm device for the hidinput inputdevice name. The reference should be made to the HID device, not the input device, when allocating the inputdev name. Referring t...
Astra Linux - vulnerability in qemu
A heap-based buffer overflow was discovered in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could exploit this flaw to crash the QEMU process on the host, resultin...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: added a bounds check for ifid in the IRQ handler. The IRQ handler extracts ifid from the upper 16 bits of the hardware status register and uses it to index into ethsw-ports, without any validation. Since ifid can be...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fixed a use-after-free when USB is disconnected. After the powerzdisconnect function frees the URB and releases the mutex, a subsequent powerzread call can acquire the mutex and call powerzreaddata, which dereferenc...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mt76: mt7915: fixed NULL pointer dereference in mt7915getphymode Fixed the NULL pointer dereference in mt7915getPHYmode routine by adding an IBSS interface to the mt7915 driver. 101.137097 wlan0: Triggered a new scan to find a...
CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-5075
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...