1164 matches found
CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7277387)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7277387 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Mark the bpf prog stack with kmsanunpoisonmemory in interpreter mode. syzbot reported uninitialized memory usage during maplookup,deleteelem. ========== BUG: KMSAN: uninitvalue in devmaplookupelem kernel/bpf/devmap.c:441...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet; mtkethsoc: fixed the issue of PPE hanging. A patch to resolve this issue was found in MediaTek’s GPL-licensed SDK. In the mtkppestop function, the PPE scan mode is not disabled before disabling the PPE. This...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dma-debug: Do not call dmaentryalloccheckleak under freeentrieslock. dmaentryalloccheckleak calls into printk, which outputs to the serial console qcom geni. It also acquires port-lock under freeentrieslock. This involves a rever...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
Closing an event channel in the Linux kernel can lead to a deadlock. This occurs when the closure operation is performed in parallel with an unrelated Xen console action, and the handling of a Xen console interrupt occurs in a unprivileged guest. The closure of an event channel is triggered, for...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A null pointer dereference flaw was discovered in the hugetlbfsfillsuper function within the Linux kernel’s hugetlbfs Huge TLB pages functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously, the cp2112 driver called INITDELAYEDWORK within cp2112 gpioirqstartup, resulting in duplicate initializations of the workqueue during subsequent IRQ starts after an...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Added the missing skbmarkforrecycle function. It should be noted that the skbmarkforrecycle function was introduced later than the “fixes” tag in commit 6a5bcd84e886 “pagepool: Allow drivers to hint on SKB recycling...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark the target gfn of the emulated atomic instruction as dirty. When emulating an atomic access on behalf of the guest, mark the target gfn as dirty if the CMPXCHG instruction attempts to execute but fails without...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: FS:JFS:UBSAN: array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 Index 196694 is out of range for type ‘s81365’ aka ‘signed char1365’ CPU:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed an issue where the extent map was used after free, when adding pages to compressed Bio data structures. In the function addrabiopages, we access the extent map to calculate ‘addsize’. After dropping the reference to...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference issue; this should fix it...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Do not abort the filesystem when attempting to take a snapshot of a deleted subvolume. If the source file descriptor for the snapshot ioctl refers to a deleted subvolume, the following abort occurs: BTRFS: Transaction...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ceph: The “use after free” error was caught by KASAN at the line cephbuffergetarg-xattrbuf;. This means that the reference count could not be incremented before the memory was freed. In the same file, in the handlecapgrant...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec – Fixed memory leak during sec resource release The AIV is one of the SEC resources. When releasing resources, it is necessary to release the AIV resources at the same time. Otherwise, memory leakage will...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
A transient execution vulnerability in some AMD processors may allow an attacker to extract data from the L1D cache, potentially leading to the leakage of sensitive information across privileged boundaries...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ima: Avoid blocking in the RCU read-side critical section. A panic occurs in imamatchpolicy: BUG: Unable to handle a NULL pointer dereferencing in the kernel at 0000000000000010. PGD 42f873067 P4D 0 Oops: 0000 1 SMP NOPTI CPU:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: UDP: Do not accept non-tunnel GSO packets that land in a tunnel. When rx-udp-gro-forwarding is enabled, UDP packets may be forwarded in a way that causes them to land in a tunnel. This can lead to various issues. udpgroreceive...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: xen/events: The close evtchn operation is performed after mapping cleanup is completed. shutdownpirq and startuppirq do not take the irqmappingupdatelock, as they cannot do so due to lock inversion. Both functions are called...