Astra Linux – Vulnerability in dpdk
A flaw was discovered in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as auxiliary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By continuously sending such messages, the malicious...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/mxsfb: Disabling the overlay plane in mxsfb_plane_overlay_atomic_disable. When disabling the overlay plane in mxsfb_plane_overlay_atomic_update, the framebuffer pointer of the overlay plane is NULL. Therefore, dereferencing it would...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state. Switching to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors, the mapped surfaces started being cached, but...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: add a check for dpu_plane_atomic_print_state to prevent invalid sspp values. Similar to the r_pipe sspp protection, a check is added to prevent printing of the pipe’s state in a way that could lead to a NULL pointer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference a NULL pointer during plane reset. The plane state in __drm_gem_reset_shadow_plane can be NULL. Do not dereference that pointer; instead, pass NULL to the other plane-reset helpers. Clear plane->state to NU...
Astra Linux – Vulnerability in OVN
A flaw was discovered in Open Virtual Network, where the service monitor MAC does not properly implement rate limiting. This issue could allow an attacker to cause a denial of service, even in deployments with CoPP enabled and properly configured...
Astra Linux – Vulnerability in dpdk
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly. This vulnerability can allow a remote attacker to cause denial of service, as well as affect data integrity and confidentiality...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/vc4: Do not check if plane->state->fb == state->fb. Currently, when using non-blocking commits, the following kernel warnings can be observed: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: Failure to properly handle cases where a primary plane for a video-port is missing. Each window of vop2 is usable by a specific set of video ports. Therefore, when binding vop2, we iterate through the list of...
Astra Linux – Vulnerability in ffmpeg5
FFmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through libavutil/imgutils.c:353:9 in the image_copy_plane function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fixed the return value of create_in_format_blob. create_in_format_blob is supposed to return a valid pointer or an error; it should never return NULL. The caller will dereference the blob if there is no error, and thus will...
Astra Linux – Vulnerability in dpdk
A flaw in the permissive list of allowed inputs was discovered in DPDK. This issue allows a remote attacker to trigger a denial of service by sending a crafted Vhost header to DPDK...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Do not leak some plane state. Apparently, no one noticed that the mdp5 plane states are being leaked quite severely. This issue was addressed since we introduced the plane_state->commit refcount mechanism a few years...
CVE-2026-11752
A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...
CVE-2026-11752
Armeria-xds versions 1.38.0–1.39.0 contain a vulnerability in DataSourceStream where control-plane-supplied filenames and environment_variable fields from SDS secrets are resolved without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control plane (or an attacker...
UBUNTU-CVE-2026-11311
When NGINX Plus is configured as the data plane for NGINX Gateway Fabr...
PT-2026-50823
Name of the Vulnerable Software and Affected Versions: armeria-xds versions 1.38.0 through 1.39.0. Description: DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...
CVE-2026-48989
Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS (allow_origins, allow_methods, allow_headers). Because the same server also exposed a...
CVE-2026-48989 Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS
Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS (allow_origins, allow_methods, allow_headers). Because the same server also exposed a...