21 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reordering cleanup operations to avoid UAF bugs The dreamcast_card->timer could schedule the spu_dma_work, and the spu_dma_work could also arm the dreamcast_card->timer. When the snd_pcm_substream is closing, the aica_channe...

CVSS: 7, AI score: 6.3, EPSS: 0.00013
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/08 12:0 a.m., 1 view

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006726 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcast_card->timer could schedu...

CVSS: 7, AI score: 6.8, EPSS: 0.00013
Exploits: 0, References: 3
EUVD
added 2026/02/27 6:31 a.m., 4 views

EUVD-2026-8996

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVSS: 6.5, AI score: 5.2, EPSS: 0.00013
Exploits: 1, References: 5
OSV
added 2026/02/27 5:18 a.m., 2 views

CVE-2026-3287

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00013
Exploits: 1, References: 4
CVE
added 2026/02/27 4:2 a.m., 9 views

CVE-2026-3287

CVE-2026-3287 affects youlaitech youlai-mall 2.0.0, specifically the App-side Product Pagination Endpoint: SpuController.java, listPagedSpuForApp. The vulnerability arises from manipulating the sortField/sort parameters, enabling SQL injection. This is described as remotely exploitable with a pub...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00013
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2026/02/27 4:2 a.m., 21 views

CVE-2026-3287 youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sql injection

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVSS: 6.5, EPSS: 0.00013
Exploits: 1, References: 4
CNNVD
added 2026/02/27 12:0 a.m., 3 views

youlai-mall SQL injection vulnerability

Youlai-Mall is a full-stack e-commerce system developed by Youlaitech. Version 2.0.0 of Youlai-Mall has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter sortField/sort in the function listPagedSpuForApp located in the...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00013
Exploits: 1, References: 5
Tenable Nessus
added 2026/01/16 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000748)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000748 advisory. The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow...

CVSS: 4.7, AI score: 7.2, EPSS: 0.00104
Exploits: 0, References: 13
Tenable Nessus
added 2026/01/15 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002091)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002091 advisory. The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow...

CVSS: 4.7, AI score: 7.2, EPSS: 0.00104
Exploits: 0, References: 13
RedhatCVE
added 2025/05/23 2:55 a.m., 2 views

CVE-2023-1905

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00181
Exploits: 2, References: 1
SUSE CVE
added 2024/04/05 2:21 a.m., 1 view

SUSE CVE-2024-26654

In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcast_card->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcast_card->timer. When the snd_pcm_substream is closing, the aica_channel wi...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00013
Exploits: 0, References: 15
OSV
added 2024/04/01 9:15 a.m., 1 view

DEBIAN-CVE-2024-26654

In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcast_card->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcast_card->timer. When the snd_pcm_substream is closing, the aica_channel wi...

CVSS: 7, AI score: 5.4, EPSS: 0.00013
Exploits: 0, References: 1
OSV
added 2023/05/08 2:15 p.m., 2 views

CVE-2023-1905

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00181
Exploits: 2, References: 1
Openbugbounty
added 2016/06/28 1:10 p.m., 6 views

spu.edu XSS vulnerability

Vulnerable URL: https://spu.edu/acad/GRCatalog/20078/faculty.asp?orderby=1%22--%3E%3Csvg/onload=;prompt/OPENBUGBOUNTY/;%3ENAME Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 74666...

AI score: 6.3
Exploits: 0
Oracle linux
added 2013/11/28 12:0 a.m., 73 views

Unbreakable Enterprise Kernel security update

kernel-uek 2.6.32-400.33.3uek - af_key: fix info leaks in notify messages Mathias Krause Orabug: 17837974 CVE-2013-2234 - drivers/cdrom/cdrom.c: use kzalloc for failing hardware Jonathan Salwan Orabug: 17837971 CVE-2013-2164 - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check Kees Cook...

CVSS: 6.2, AI score: 0.8, EPSS: 0.00515
Exploits: 3
NVD
added 2013/06/20 3:55 p.m., 10 views

CVE-2013-4628

The firewall module on the Huawei Quidway Service Process Unit SPU board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone...

CVSS: 3.5, AI score: 5.9, EPSS: 0.00081
Exploits: 0, References: 1
Cvelist
added 2013/06/20 3:0 p.m., 15 views

CVE-2013-4628

The firewall module on the Huawei Quidway Service Process Unit SPU board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone...

AI score: 5.9, EPSS: 0.00081
Exploits: 0, References: 1
Prion
added 2013/04/29 2:55 p.m., 22 views

Design/Logic Flaw

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00104
Exploits: 0, References: 10, Affected Software: 2
OSV
added 2013/04/29 12:0 a.m., 0 views

UBUNTU-CVE-2013-1928

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device...

CVSS: 4.7, AI score: 7.1, EPSS: 0.00104
Exploits: 0, References: 12
Tenable Nessus
added 2008/02/14 12:0 a.m., 36 views

Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)

Fri Feb 8 2008 Ville Skytta - 1.1.10.1-1 - 1.1.10.1 security update, 431541. Sun Jan 27 2008 Ville Skytta - 1.1.10-2 - Include spu, spucc, and spucmml decoders 213597. Upstream release notes: http://sourceforge.net/project/shownotes.php?groupid=96 55&releaseid=574735 Note that Tenable Network...

CVSS: 7.5, AI score: 5.3, EPSS: 0.04864
Exploits: 2, References: 4