Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs pthreadcreate returns a non-zero value during the execution of the createworkerthreads method, the held lock is not released properly. This allows local...

EUVD-2026-36558

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

CVE-2026-45085

CVE-2026-45085 affects Discourse with the chat plugin (calendar-capable variant also involved). The issues span four authorization/disclosure problems observed in versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1. They include:...

PT-2026-48985

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Four authorization and information disclosure issues exist within the chat...

EUVD-2026-32426

In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped. So make sure the kthread is stopped on an...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: The “Drain deferred trigger” operation is freed if kthread creation fails. Registration of boot-time triggers may fail before the trigger-data cleanup is completed. If a kthread exists, deferring the “Drain deferred...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: RSI: Fixed a memory leak in rsicoexattach The coexcb object needs to be freed when rsicreatekthread fails in rsicoexattach...

EUVD-2026-24841

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

GHSA-3JR7-6HQP-X679 Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service

Summary An uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession of WebSocket messages, forcing the server to spawn an unbounded number of operating system threads. This leads to threa...

EUVD-2026-18909

Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service...

Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service

Summary An uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession of WebSocket messages, forcing the server to spawn an unbounded number of operating system threads. This leads to threa...

CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

UBUNTU-CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

PT-2026-26675

Name of the Vulnerable Software and Affected Versions libfuse versions 3.18.0 through 3.18.1 Description libfuse, the reference implementation of the Linux FUSE, contains a flaw in its io uring subsystem. A use-after-free condition exists from versions 3.18.0 up to, but not including, 3.18.2. Thi...

MiracleLinux 8 : firefox-115.13.0-3.el8_10.ML.1 (AXSA:2024-8566:25)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8566:25 advisory. Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 CVE-2024-6604 Mozilla: Race condition in permission...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in the struct vhosttask. The vhosttaskcreate function creates a task and maintains a reference to its taskstruct. This task may exit early due to a signal, and its taskstruct will be released. ...

DEBIAN-CVE-2022-50629

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsicoexattach The coexcb needs to be freed when rsicreatekthread failed in rsicoexattach...

UBUNTU-CVE-2022-50629

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsicoexattach The coexcb needs to be freed when rsicreatekthread failed in rsicoexattach...