BIT-GITLAB-2026-8716 Use of Incorrectly-Resolved Name or Reference in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...
Jenkins LDAP Plugin security vulnerability
The Jenkins LDAP Plugin is an open-source Jenkins directory service authentication plugin developed by Jenkins. The Jenkins LDAP Plugin version 807.v7d7de30930cf and earlier versions have security vulnerabilities, which stem from adherence to LDAP references...
Advisory ROSA-SA-2026-3271
Software: open-vm-tools 12.5.2 OS: ROSA-CHROME unaffected versions = open-vm-tools-12.5.2-1 affected versions open-vm-tools-12.5.2-1 CVE-ID: CVE-2025-22247 BDU-ID: 2025-05681 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to incorrectly identifying a...
PT-2026-37426
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the netfilter ctnetlink component allows for unsafe access to the master conntrack object. Holding a reference to the expectation is insufficient because the master conntrack...
Astra Linux - vulnerability in linux-5.15, linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Under NFSv4.1, fix the issue where double svc_xprt_put operations on rpc_create cause failures. In case of an error, clp->cl_cb_conn.cb_xprt should not be referenced as referring to xprt. Otherwise, both client cleanup and erro...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before schedule link down work...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: Removed the erroneous “put” operation in the error path. The drm_gem_shmem_mmap function does not handle this reference properly, resulting in the GEM object being freed prematurely, leading to a “use-after-free...
CVE-2026-31604
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the...
CVE-2026-33487
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...
EUVD-2026-15408
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the getuserbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38282)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38282 advisory. - In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining gua...
CVE-2022-50834
In the Linux kernel, the following vulnerability has been resolved: nfc: Fix potential resource leaks nfc_get_device take reference for the device, add missing nfc_put_device to release it when not need anymore. Also fix the style warning by use error EOPNOTSUPP instead of ENOTSUPP...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992519)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992519 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure On error situation...
DEBIAN-CVE-2025-40316
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix device use-after-free on unbind A recent change fixed device reference leaks when looking up drm platform device driver data during bind but failed to remove a partial fix which had been added by commit...
CVE-2025-40316 drm/mediatek: Fix device use-after-free on unbind
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix device use-after-free on unbind A recent change fixed device reference leaks when looking up drm platform device driver data during bind but failed to remove a partial fix which had been added by commit...
CVE-2025-40270
CVE-2025-40270 pertains to the Linux kernel vulnerability in the swap/cache path affecting VMA readahead. The root cause described across sources is that after the commit 78524b05f1a3, the common helper in the swap cache layer stopped taking a swap device reference internally because callers alre...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989445)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989445 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver...
kernel: ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return...
EUVD-2016-0985
Malware in sbrugna...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from failure to properly handle references when device registration fails, which could result in a null pointer...