Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: lltemac: The function platformgetresource was replaced with the function devmplatformioremapresourcebyname. This function is called using 0 as the name. Eventually, this leads to a call to platformgetresourcebyname in the ca...

PT-2026-37154

Name of the Vulnerable Software and Affected Versions OmniFaces versions prior to 1.14.2 OmniFaces versions prior to 2.7.32 OmniFaces versions prior to 3.14.16 OmniFaces versions prior to 4.7.5 OmniFaces versions prior to 5.2.3 Description Server-side Expression Language EL injection allows for...

EUVD-2022-54780

Malicious code in bioql PyPI...

EUVD-2022-54784

Malicious code in bioql PyPI...

CVE-2022-50364

In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platformgetresource It will cause null-ptr-deref in resourcesize, if platformgetresource returns NULL, move calling resourcesize after devmioremapresource that will check 'res' to...

CVE-2022-50364

In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platformgetresource It will cause null-ptr-deref in resourcesize, if platformgetresource returns NULL, move calling resourcesize after devmioremapresource that will check 'res' to...

SUSE CVE-2022-49323

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in armsmmudeviceprobe It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoid...

UBUNTU-CVE-2022-49491

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vopbind It will cause null-ptr-deref in resourcesize, if platformgetresource returns NULL, move calling resourcesize after devmioremapresource that will check 'res' to avoid...

CVE-2022-49487 mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: intel: fix possible null-ptr-deref in ebunandprobe It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoid...

CVE-2022-49449 pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()

In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: rzn1: Fix possible null-ptr-deref in shpfcmapresources It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoi...

CVE-2022-49445

In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: core: Fix possible null-ptr-deref in shpfcmapresources It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoi...

CVE-2022-49445 pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()

In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: core: Fix possible null-ptr-deref in shpfcmapresources It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoi...

Reflected XSS within the username parameter of the /user/non-system/{username} rest resource

The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...

Reflected XSS within the username parameter of the /user/non-system/{username} rest resource

The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...

CVE-2007-4470

Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...

CVE-2007-4470

The CVE-2007-4470 entry describes multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control (NCSView.dll) shipped with ER Mapper ECW JPEG 2000 Plug-in before version 8.1, affecting the NCSView ActiveX control prior to 3.4.0.242. This allows remote attackers to ex...