4615 matches found
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Watchdog: Fixed a possible use-after-free by calling deltimersync. The remove function of this driver calls deltimer. However, that function does not wait for the timer handler to finish executing. This means that the timer handl...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds access in ntfs inode syncstandardinformation in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhisyncpowerup If amss.bin is missing, ath11k will crash during the ‘rmmod ath11kpci’ command. The reason for this is that we were using mhipowerup, which does not check for any errors. However, mhisyncpowerup do...
Astra Linux - уязвимость в linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Watchdog: cpu5wdt.c – Fixed a use-after-free bug caused by cpu5wdttrigger. When the cpu5wdt module is being removed, the original code uses deltimer to de-activate the timer. If the timer handler is still running, deltimer may no...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup of partially initialized sync objects occurs during parse failures. The function xesyncentryparse can allocate references such as syncobjs, fences, chain fences, or user fences before encountering subsequent...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed a reference leak in amdgpuuserqwaitioctl. Also, removed the reference to syncobj and timeline fence when aborting the ioctl, as it caused issues due to the output array being too small. This issue was...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Fuse: Abort on fatal signal during sync init When sync init is used and the server exits for some reason e.g., error, crash, the filesystem creation will hang. The reason is that while all other threads exit, the mounting thread ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: If hcicmdsyncqueueonce returns -EEXIST, it indicates that a queue item already exists. hcicmdsyncqueueonce needs to indicate whether a queue item was added, so that the caller can know if callbacks are...
Astra Linux - уязвимость в containerd
Containerd is an open-source container runtime. A bug was discovered in the CRI implementation of Containerd, where programs within a container can cause the Containerd daemon to consume memory indefinitely during the invocation of the ExecSync API. This can result in Containerd consuming all...
Linux Distros Unpatched Vulnerability : CVE-2026-43322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021562)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021562 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021563)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021563 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the...
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...
MAL-2026-4518 Malicious code in cheaty-sync-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b192c71c59ccca1d9cc720372bd29f39eae8b5da4d572cd1e8312d6b57d6b4 cheaty-sync-bot ships a clipboard-sync CLI that hardcodes a single Telegram bot token index.js:10 owned by the package author. There is no...
PT-2026-41891
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the membership sync process. An attacker can remove users from any channel, including private channels, by sending...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the membership sync process. An attacker can remove users from any channel, including private channels, by sending crafted membership sync messages from a remote cluster that is not authorized to access the...
CVE-2026-28759
Mattermost multiple releases (11.4.x <= 11.4.3, 11.5.x <= 11.5.1, 10.11.x
CVE-2026-28759 Insufficient authorization in shared channel membership sync allows remote cluster to remove users from arbitrary channels
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...
EUVD-2026-30738
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...