3057 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed the locking usage for tcon fields. Previously, we used cifs_tcp_ses_lock to protect many objects that weren’t just server, ses, or tcon lists. Later, we introduced srv_lock, ses_lock, and tc_lock to protect fields withi...
EUVD-2026-38706
In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex. jent_kcapi_random() serializes the shared jitterentropy state, but it currently holds a spinlock across the jent_read_entropy() call. That path performs expensive jitter...
CVE-2026-52936
The CVE-2026-52936 entry describes a Linux kernel fix in crypto/jitterentropy where the jent_kcapi_random() path previously held a spinlock across jent_read_entropy(), causing potential stalls during entropy generation. The vulnerability arises because this spinlock protected an expensive operati...
Linux Distros Unpatched Vulnerability : CVE-2026-52936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - crypto: jitterentropy - replace long-held spinlock with mutex. jent_kcapi_random() serializes the shared jitterentropy state, but it currently holds a spinlock acros...
PT-2026-51638
Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.1 Description The HTTP backend in mise improperly handles version strings for non-latest versions when creating install symlinks. Instead of using a sanitized version pathname, it uses the raw resolved version...
EUVD-2026-38230
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...
CVE-2026-44914
Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...
CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents
Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...
@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing
Arbitrary Cloudinary API Parameter Signing in @jhb.software/payload-cloudinary-plugin Summary @jhb.software/payload-cloudinary-plugin v0.3.4 exposes a server-side signing endpoint POST /api/cloudinary-generate-signature that passes attacker-supplied paramsToSign directly to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Issues in mpi3mr_get_all_tgt_info() have been fixed. The function mpi3mr_get_all_tgt_info() has four issues: 1. It calculates the valid entry length in alltgt_info assuming that the header part of the struct mpi3mrdevicemapin...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: fixed a use-after-free in tw_timer_handler. A real-world panic issue was discovered in Linux 5.4. The details of the issue are as follows: - Bug: Unable to handle a page fault for the address: ffffde49a863de28 - Memory layout:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later. If the system does not start from a reset state such as when it is booted via kexec, the peripheral device may trigger an IRQ before the data structures are initialized. 0.227710 Unab...
Astra Linux – Vulnerability in Linux
An issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: Device name buffers passed to the device replace function are properly validated for string termination. This prevents a read out of bounds situation in the getname_kernel() function. There is a syzbot report...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: hsr: The WARN_ONCE() call was removed from the send_hsr_supervision_frame() function. Syzkaller reported [1] that a warning was issued after attempting to allocate resources for skb in hsr_init_skb(). Since calling WARN_ONCE() does not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme: fixed memory allocation in nvme_pr_read_keys(). nvme_pr_read_keys() takes num_keys from userspace and uses it to calculate the allocation size for rse via struct_size(). The upper limit is PR_KEYS_MAX (64K). A malicious or buggy userspace...
GHSA-MX8G-39Q3-5C79 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Impact When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
D-Link Network Attached Storage - Command Injection and Backdoor Account
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...
Malicious code in solana-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...
MAL-2026-5860 Malicious code in solana-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...