3880 matches found
CVE-2026-56325
Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...
kernel: mptcp: fix slab-use-after-free in __inet_lookup_established
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...
PT-2026-51144
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker...
SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected
Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...
GHSA-4VRG-R928-H5VV SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected
Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...
DEBIAN-CVE-2026-49342
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds access vulnerability, caused by an unsanitized attribute length in ntfs inodelookupbyname, in NTFS-3G 2021.8.22...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: Fixed the dentry leak in cachefilesopenfile. A dentry leak may occur when a lookup cookie and a cull operation are performed concurrently. P1 | P2 -----------------------------------------------------------...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not trigger BUGON due to ENOMEM from btrfslookupextentinfo in walkdownproc. We have properly handled errors here. ENOMEM is not fatal; we return the error instead...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qlt24xxhandleabts The commit 8f394da36a36 “scsi: qla2xxx: Drop TARGETSCFLOOKUPLUNFROMTAG” caused the qlt24xxhandleabts function to return early if tcmqla2xxxfindcmdbytag failed to find a command...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was performing a socket lookup, taking a reference count of the socket. It w...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the rxrpclocal leak in rxrpclookuppeer. It is necessary to call rxrpcPutlocal for the peer candidate before kfree, as it holds a reference to rxrpclocal. DH: v2: The peer freeing code has been abstracted into a...
Astra Linux – Vulnerability in aspell
In GNU Aspell 0.60.8, objstack has a heap-based buffer overflow in the acommon::ObjStack::duptop function called from acommon::StringMap::add and acommon::Config::lookuplist...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCKRCUFREE The Bind lookup operation is executed under RCU; therefore, ensure that a socket does not disappear during the middle of a lookup operation...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fixed the use-after-free issue related to the DRM bridge. A recent DRM implementation that claimed to simplify support for “transparent bridges” and handling probe deferments ironically exposed a...
Astra Linux – Vulnerability in binutils
A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.31. An invalid memory access exists in the bfdstabsectionfindnearestline function in syms.c. Attackers could exploit this vulnerability to cause a denial of service application...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems. Starting from version 2.0.0 and before version 2.4.6, CUPS logged data to the logging service after the connection was closed, when it should have logged the data just before that...
Astra Linux – Vulnerability in Linux 5.10
A flaw was discovered in the IPv6 module of the Linux kernel. The arg.result parameter was not used consistently in fib6rulelookup; sometimes rt6info was used, and other times fib6info. This issue was not accounted for in other parts of the code, where rt6info was expected to be used...
Astra Linux – Vulnerability in isc-dhcp
In ISC DHCP 4.4.0 - 4.4.3, and ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addOption, it increments the refcount field of the option. However, there is no corresponding call to optiondereference to decrement the refcount field. The function addOptio...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise memory leaks will occur over time. To simplify things, simply call debugfslookupandremove, whic...