1123 matches found
CVE-2026-56018
JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Timers: A race condition involving NULL function pointers was fixed in timershutdownsync. There is a race condition between timershutdownsync and timerexpiration, which can lead to a WARNON being triggered in expiretimers. The...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: Do not run mt76ustatusworker if the device is not running. Fixed the issue of NULL pointer dereferencing, preventing the mt76ustatusworker thread from being executed if the device is not running yet. KASAN:...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300: fix warning – do not call blocking ops when !TASKRUNNING vub300enablesdioirq works with a mutex and requires TASKRUNNING to function properly. Ensure that we mark the current context as TASKRUNNING for sleepable...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A use-after-free flaw was identified due to a race between the superblock operations in the gadgetfs Linux driver. This flaw could be triggered by removing a device that is running the gadgetfs side...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: In devcom, fix for error flow in mlx5devcomregisterdevice. In the event of a failure in devcom allocation, mlx5 always frees the private data. However, this private data might have been allocated by a different thread...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the file drivers/media/dvb-core/dvbfrontend.c within the Linux kernel version 6.2. There is a blocking operation that occurs when a task is in the !TASKRUNNING state. In the function dvbfrontendgetevent, the function waiteventinterruptible is called; the condition used i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: posix-timers: A situation where livelock occurs in itimerdelete has been addressed. Itimerdelete includes a retry loop when the timer expires simultaneously. On non-RT kernels, this simply involves waiting until the timer callbac...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fixed the runningreq for internal abort commands Disabling the remote PHY for a SATA disk causes a hang: bash root@none$ more /sys/class/sasPhy/phy-0:0:8/targetPortProtocols sata root@none$ echo 0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pdscore: The pdsccheckpcihealth function was fixed to use a work thread for execution. When the driver detects that fwstatus == 0xff, it attempts to perform a PCI reset on itself using the pciresetfunction function within the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RSS context deletion logic We need to free the corresponding RSS context VNIC in the framework FW every time an RSS context is deleted in the driver. Commit 667ac333dbb7 added a check to delete the VNIC in the...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read nlk-cbrunning without locking it. Use READONCE in those functions. Add corresponding WRITEONCE to netlinkdump and netlinkdumpstart...
Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image
A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
CVE-2026-5834
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...
CVE-2026-45287
OpenTelemetry-Go (Go implementation) prior to version 0.0.17 leaks one file descriptor per successful ParseFile call when parsing go.opentelemetry.io/otel/schema/v1.0 and v1.1. In long-running processes, repeated schema parsing without proper file closure can exhaust the process file descriptor l...
PT-2026-46233
🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes FrankenPHP, RoadRunner, Swoole. Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now. https://t.co/1oIPjtQjqB...
GHSA-995V-FVRW-C78M opentelemetry-go's Schema ParseFile leaks file descriptors on each parse
Summary go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...
CVE-2026-45968
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...
UBUNTU-CVE-2026-45917
In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...
PT-2026-43784
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the netdev notifier ip vs dst event and the code responsible for caching the destination dst when a device is going down. Because the Forwarding Informati...