Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlanremoveone. priv is netdev’s private data, and it cannot be used after a freenetdev call. Using priv after freenetdev can cause a UAF bug. This issue is fixed by moving the freenetdev call to the end of the...

Astra Linux - уязвимость в linux-6.1

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mmc: omaphsmmc: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: rcarfdp1: Fixed a reference count leak in the probe and remove functions. rcarfcpget takes a reference, which should be balanced with rcarfcpput. Added the missing rcarfcpput function in fdp1remove, and corrected the error...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed another UAF in binderdevices. The commit e77aff5528a18 "binderfs: fixed a use-after-free in binderdevices" addressed a use-after-free where devices could be released without first being removed from the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fixed the warning in isl29028remove The driver uses a non-managed form of the register function in isl29028remove. To maintain the release order that mirrors the ordering in probe, the driver should also use...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panel: A possible null pointer dereference in jdipaneldsiremove has been fixed. In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: c if !jdi mipidsidetachdsi; However, when jdi is NULL, the...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driveroverride when rpmsgremove Free driveroverride when rpmsgremove. Otherwise, the following memory leak will occur: Unreferenced object 0xffff0000d55d7080 size 128: Comm "kworker/u8:2", pid 56, jiffies...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A use-after-free flaw was discovered in ndlcremove in drivers/nfc/st-nci/ndlc.c within the Linux kernel. This flaw could allow an attacker to cause the system to crash due to a race condition...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: added a missing clkdisableunprepare call in intelethpciremove. The commit 09f012e64e4b “stmmac: intel: Fix clock handling on error and remove paths” removed this clkdisableunprepare call. This issue was partially...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: power: supply: bq27xxx: Fixed handling of pollinterval and races during removal operations. Before this patch, bq27xxxbatteryteardown set pollinterval to 0 to avoid requeuing the delayedwork item during bq27xxxbatteryupdate...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels larger during iavfremove, and waiting reset done would be timeout, then returned with error but changed numactivequeues directly, that will lead to OOB li...

Astra Linux - уязвимость в ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, certain configurations of Rails::Html::Sanitizer could potentially introduce XSS vulnerabilities. An attacker could inject content if the application developer overrides the sanitizer’...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: A buggy exit annotation for the remove function was removed. With tpd12s015remove marked with exit, this function is discarded when the driver is compiled as a built-in component. As a result, when the driv...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the memory leak in sashba.phy in mpi3mrremove. Released mrioc-sashba.phy during .remove...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix for hang during reboot/shutdown The recent commit 974578017fc1 “iavf: Add waiting so that the port is initialized in remove” adds a wait-loop at the beginning of iavfremove, to ensure that port initialization is complet...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A issue was discovered in the Linux kernel through version 6.3.8. A use-after-free was found in ravbremove in drivers/net/ethernet/renesas/ravbmain.c...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: imx: Do not skip cleanup in the error path of the remove function Returning early in the remove callback of a platform driver is incorrect. In this case, the DMA resources are not released during the error path. This issue i...

CVE-2026-8424

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

MAL-2026-4242 Malicious code in foundy-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d117fe522ec0aee9271963b02fb9a61b7e5005b5494331368b58f46c05c944cd On npm install, the package's postinstall script runs an inline node -e that shells out to curl -fsSL against an ephemeral Pinggy free-tier tunnel ho...