2272 matches found
Astra Linux - уязвимость в chromium
In the Managed Devices API of Google Chrome, before version 104.0.5112.79, a remote attacker who convinced a user to enable a specific Enterprise policy could potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason, it can lead to a double-free when unloading amd-pmf. This occurs because dev-buf was freed but never set to NULL, and then freed...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All resources used by this driver have managed interfaces; therefore, use them. Otherwise, we will encounter the following error: 4.472703 denali-nand-pci 0000:00:05.0: Timeout...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fixed the warning in isl29028remove The driver uses a non-managed form of the register function in isl29028remove. To maintain the release order that mirrors the ordering in probe, the driver should also use...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: fsl-qdma: A memory leak related to the queue command’s DMA operations has been fixed. The call to dmaalloccoherent is not rolled back either in the remove function or in the error handling path of fslqdmaprobe. Swit...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: leds: mlxreg: Use devmmutexinit for mutex initialization In this driver, LEDs are registered using devmledclassdevregister, so they are automatically unregistered after the module’s remove function is called. The...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: smartpqi: Fix for disablemanagedinterrupts The issue with the registration of blk-mq when the disablemanagedinterrupts parameter is enabled has been corrected. When the default PCIIRQAFFINITY flag is disabled, the driver...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: spi: Fixed the simplification of devmspiregistercontroller. This change is reflected in commit 59ebbe40fb51 “spi: simplified devmspiregistercontroller“”. If devmaddaction fails in devmaddactionorreset, devmspiunregister will be...
Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...
GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...
CVE-2026-37981
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...
CVE-2026-37981
Keycloak CVE-2026-37981 describes a broken access control in the Account Resources user lookup endpoint, where a remote authenticated user owning at least one UMA resource can enumerate and harvest PII for all realm users by sending crafted requests with arbitrary usernames or emails. The endpoin...
CVE-2026-37981 Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...
CVE-2026-37981 Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...
EUVD-2026-30881
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...
CVE-2026-37981
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...
[SECURITY] Fedora 43 Update: mod_md-2.6.11-2.fc43
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
[SECURITY] Fedora 44 Update: mod_md-2.6.11-2.fc44
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
PT-2026-41871
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A broken access control issue exists in the Account Resources user lookup endpoint. A remote authenticated user who owns at least one User-Managed Access UMA resource can enumerate and harve...
SUSE CVE-2026-43480
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...