21397 matches found
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: “aoe”: fixed the potential use-after-free issue in multiple locations. Regarding the fix for CVE-2023-6270, f98364e92662 “aoe: fixed the potential use-after-free issue in aoecmd_cfg_pkts” modifies the behavior so that the tx...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects. Tests with hot-plugging crypto cards on KVM guests with debug kernel build revealed a use after free for the load field of the struct zcrypt_card. The reason was an...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ixgbe: fixed the PCI device reference count leak. As stated in the comments for pci_get_domain_bus_and_slot, it returns a PCI device with the reference count incremented. After using this device, the caller must decrement the...
Astra Linux - vulnerability in linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: smb: Client side – fixed a potential deadlock that could occur when releasing mids. All callers of release_mid seem to hold a reference to @mid. Therefore, there is no need to call kref_put(&mid->refcount, __release_mid) under...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the race condition issue caused by session lookup and expiration. The reference count of the session was incremented within the lock during the lookup operation, thereby avoiding the race condition related to session...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: xen: Fixed the issue where resources were not properly released in xenbus_dev_probe. This patch addresses an issue with the xenbus_dev_probe function. In this function, within the if err branch at line 313, the program incorrectly...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: A use-after-free issue in get_info has been fixed. The unloading of the ip6table_nat module caused a refcnt warning due to a UAF. The call trace is as follows: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: Clean up user copy references on the ublk server exit If a ublk server process releases a ublk character device file, any requests dispatched to the ublk server but not yet completed will retain a reference value of...
Astra Linux - vulnerability in linux
In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fixed a reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented upon returning from sprd_i2c_master_xfer and sprd_i2c_remove. However, pm_runtime_get_sync will still increment the P...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: preventing a hang during link training failure. [Why] When link training fails, the phy clock will be disabled. However, in “enable_streams”, it is assumed that link training was successful, and the mux selects the p...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a use-of-free issue in multi-channel connections. There is a race condition between the session setup process and the ksmbd_sessions_deregister function. The session can be freed before the connection is added to th...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-sysman: Fixed reference leak issue. If a duplicate attribute is found using kset_find_obj, a reference to that attribute is returned. This means that we need to handle this situation appropriately. In such cases,...
CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-6566
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
EUVD-2026-31063
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-6566
CVE-2026-6566 affects WordPress plugin NextGEN Gallery (Photo Gallery, Sliders, Proofing and Themes) up to version 4.2.0. The vulnerability is an Insecure Direct Object Reference in the image deletion REST flow: DELETE /imagely/v1/images/{id} only enforces NextGEN Manage gallery permission and do...
CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CGA-5QMW-JGP5-G755
Bulletin has no description...
CGA-3WCR-XVW9-78HH
Bulletin has no description...
CGA-W9PF-V2X9-WFC2
Bulletin has no description...