4541 matches found
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...
Astra Linux – Vulnerability in Linux, Linux 5.10
In lgprobe and related functions of hid-lg.c and other USB HID files, there is a possible out-of-bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device is connected, without the need for additional execution privileges. User...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031probe When reworking and splitting the at803x driver, a NULL dereference bug was identified in the function that splits at803x PHYs. In this bug, the variable priv is referenced...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fixed resource leaks during component removal The MBHC resources must be released in case of component probe failures and removals; therefore, they cannot be tied to the lifetime of the component device...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fixed the race condition related to resume-probe. A race condition related to resume-probe was identified in kernel version 7.0, with the commit 38fa29b01a6a “i2c: designware: Combine the init functions”...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: removed the unused checkbuddypriv function. The commit 2461c7d60f9f “rtlwifi: Update header file” introduced a global list of private data structures. Later, the commit 26634c4b1868 “rtlwifi: Modify existing bits t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - media: rga: fixed a possible memory leak in rgaprobe. - rga-m2mdev needs to be freed when rgaprobe fails...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: PM: hibernate: deferring device probing when resuming from hibernation syzbot is reporting a hung task at miscopen, due to a race condition involving the probecount variable. Currently, waitfordeviceprobe from snapshotopen and...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtionet: Added a check for hashkeylength. A check for hashkeylength was added in virtnetprobe to avoid possible out-of-bounds errors when setting/read the hash key...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Video: fbdev: smscufx: Fixed null-ptr-deref in ufxusbprobe I received a report of a null-ptr-deref issue: Bug: NULL pointer dereferencing in the kernel; address: 0000000000000000 … RIP: 0010:fbdestroymodelist+0x38/0x100 … Call...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: A resource leak has been fixed in the remove function. A call to tmiommchostfree is missing from the remove function. This is to balance the call to tmiommchostalloc in the probe. This issue occurs in the error...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Drivers: Serial: JSM – fixed some leaks in the probe. This error path needs to be unwound instead of just being returned directly...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mediatek: mt8173-rt5650: Fixed a refcount leak in mt8173rt5650devprobe. The ofparsephandle function returns a node pointer with a refcount incremented. We should use ofnodeput on it when it is no longer needed. Fixed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rtc: msc313: The mismatch between function prototypes in msc313rtcprobe has been fixed. With Clang’s Kernel Control Flow Integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: -misc: fastrpc: fix memory corruption on probe A missing sanity check has been added to the count of probed sessions, to prevent memory corruption beyond the fixed-size slab-alocated session array when there are more than...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: libertas – Fixed a possible reference count leak in ifusbprobe. The function usbgetdev will be called before lbsgetfirmwareasync. This means that the function usbputdev must be called when lbsgetfirmwareasync fails...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: tegra: A memory leak has been fixed in tegraslinkprobe. In tegraslinkprobe, when platformgetirq fails, it directly returns from the function with an error code, resulting in a memory leak. This issue can be addressed by...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fixed a refcount leak in mt8183mt6358ts3a227max98357devprobe. The node returned by ofparsephandle has a refcount that is incremented; ofnodeput must be called when using it again. Therefore, this issue nee...
MAL-2026-5982 Malicious code in metrics-probe-77d4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d079b30dbb30db1a61acddcd094d2e7e67e7ef466d624e4ad2392edc9d9203e On install, package.json runs postinstall: node run.js. run.js imports os, fs, http, https, and childprocess and at runtime collects host identifiers...
PT-2026-50362
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Packaged Air Conditione...