1693 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In media: iris: gen2, a sanity check for session termination was added. In iriskillsession, inst-state is set to IRISINSTERROR, and sessionclose is executed, which will free memory allocated to insthfigen2-packet. If stopstreamin...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: kthread: Unpark only parks kthreads. Calling kthreadunpark unconditionally is mostly harmless when the kthread is already unparked. In that case, the wake-up call is simply ignored because the task is not in the TASKPARKED state...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vfio: Split migration operations from main device operations The vfio core checks whether the driver sets certain migration operations e.g., setstate/getstate, and accordingly calls those operations. However, currently, the ml...
Malicious code in code-tool-langfuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...
Linux Distros Unpatched Vulnerability : CVE-2026-43412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021645)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021645 advisory. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthreadstop may prevent the threadfn from eve...
CLSA-2026-1778895199 Fix CVE(s): CVE-2024-50602
SECURITY UPDATE: Crash in XMLResumeParser because XMLStopParser can stop/suspend an unstarted parser - debian/patches/CVE-2024-50602.patch: make XMLStopParser refuse to stop/suspend an unstarted parser - CVE-2024-50602...
CVE-2026-45399 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
CVE-2026-45399
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
CVE-2026-45399
Open WebUI CVE-2026-45399 describes a broken authorization gap in multi-user deployments: before release 0.9.0, authenticated, low-privilege users could enumerate and stop global background tasks via GET /api/tasks and POST /api/tasks/stop/{task_id}, impacting integrity and availability across us...
CVE-2026-45399 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in the GET /api/tasks and POST /api/tasks/stop/taskid...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the GET /api/tasks and POST /api/tasks/stop/taskid endpoints, which lack proper ownership checks. An attacker can enumerate and terminate background tasks belonging to other users by...
SUSE CVE-2026-43412
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads...
Malicious code in @tanstack/router-devtools-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-43412
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC subsystem, specifically within the Qualcomm qcom qdsp6 audio driver. During the stop and start process of the Audio Digital Signal Processor ADSP, an incorrect order of component removal can occur...
EUVD-2026-28611
In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...
CVE-2026-43412
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads...
CVE-2026-43412
CVE-2026-43412 pertains to the Linux kernel ASoC Qualcomm qdsp6 driver. The root cause is an incorrect removal order during ADSP stop/start, where q6apm-audio teardown can delete RTDs containing q6apm DAI components before their removal pass, leaving components linked to the card and causing a cr...