3563 matches found
PT-2026-52247
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ACK parser of the rxrpc module. In the rxrpc input soft acks function, the AF RXRPC component incorrectly assumes that calling skb condense will always result in a...
PT-2026-52293
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An ABBA deadlock occurs in the xfrm iptfs component within the iptfs destroy state function on SMP systems. The issue arises when iptfs destroy state calls hrtimer cancel while holding a...
GHSA-9GGV-8W38-R7PM TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)
Impact Blind SQL injection vulnerability in UpdateQueryBuilder and SoftDeleteQueryBuilder affecting MySQL and MariaDB users. UpdateQueryBuilder and SoftDeleteQueryBuilder including their addOrderBy variants do not validate the order parameter against an allowlist of permitted values ASC/DESC. The...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmcrypt: added condresched to dmcryptwrite. The loop in dmcryptwrite may run for an unlimited amount of time; therefore, condresched is needed in it. This commit fixes the following warnings: 3391.153255 C12 watchdog: BUG: sof...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89: Fix for soft lockup in rtw89entityrecalcmgntroles. During rtw89entityrecalcmgntroles, there is a normalization process that will reorder the list if an entry with the target pattern is found. Once such an entry is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm: vmscan: removed deadlock caused by throttling failing to progress. A soft lockup bug in kcompactd was reported in a private bugzilla. The following messages were observed in dmesg: watchdog: BUG: soft lockup – CPU33 stuck...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem, swap: fixed the soft lockup issue with mTHP swapin. The following soft lockup can be easily reproduced on my test machine using the following command: echo always...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Bypass of empty buckets in batadvpurgeorigref Many syzbot reports point to soft lockups in batadvpurgeorigref 1 The root cause is unknown, but we can avoid spending too much time on this issue and potentially obtain...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel before version 5.9. Arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. This vulnerability is also known as...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: xfrm: Reinjecting transport-mode packets through the workqueue. The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: Soft lockup – CPU0 stuck for 22...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: md/raid10: Prevent soft lockup during flush writes. Currently, there is no limit for plugged bio in raid1/raid10. During flush writes, raid1 uses condresched, while raid10 does not. Too many writes can cause a soft lockup. A...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fixed a deadlock in the soft reset sequence. The soft reset sequence is currently executed from the threaded IRQ handler. Therefore, it cannot call disableirq because it internally waits for the IRQ handlers—i.e....
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: Clearing MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvice with MADVSOFTOFFLINE. The bug is triggered when retrying getanypage. This occurs because the...
Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)
Question Security Bulletin: Dirty COW Vulnerability CVE-2016-5195 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...
POC_cve_2026_35273
POCcve202635273 Universal Unauthenticated RCE via PeopleSof...
GHSA-F34X-RX2W-7PM3 TYPO3 CMS has Broken Access Control in the Recycler Module
Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits...
EUVD-2026-35396
TYPO3 CMS has Broken Access Control in the Recycler Module...
TYPO3 CMS has Broken Access Control in the Recycler Module
Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits...
CVE-2026-45160
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...
CVE-2026-47349
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...