3723 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed null pointer dereference in bnxtbstracecheckwrap. With older firmware versions, we might encounter the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for the FW trace data type that has not been initialized. This could lead to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential nullptrdereference issue in traceeventfile in kprobeeventgentestexit. When tracegeteventfile fails, genkretprobetest will be assigned as the error code. If the kprobeeventgentest module is remov...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential null-ptr-dereference in tracearray in kprobeeventgentestexit When testgenkprobecmd fails after kprobeeventgencmdend, it will go to delete, which will call kprobeeventdelete and release the...
Astra Linux – Vulnerability in Firefox
A memory-out-of-memory condition during object initialization could lead to an empty shape list. If the JIT compiler traces the object subsequently, it will cause a crash. This vulnerability affects Firefox versions less than 125...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libie: Do not unroll if fwlog is not supported. The libiefwlogdeinit function can be called during driver unloading, even when firmware logging was never properly initialized. This caused a call trace like this: 148.576156 Oops:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Converted spinlock to mutex to lock the evlworkqueue. drainworkqueue cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queuework while...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed OOB access in the DBGBUFPRODUCER async event handler. The ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER handler in bnxtasynceventprocess directly uses the ‘type’ field provided by the firmware as an index into bp-bsTrace,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed the assignment logic of iocb. Commit 18ae8d12991b “f2fs: shows more DIO information at the tracepoint” introduced the iocb field in the ‘f2fsdirectIOenter’ trace event. It only assigns the pointer and then accesses...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: The memory leak in iter-temp occurred during the reading of tracepipe. kmemleak reports: Unreferenced object: 0xffff88814d14e200 size 256 Details: - Process: “cat”, PID: 336; Jiffies: 4294871818 age: 779.490 seconds - He...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: This vulnerability prevents a wraparound in the schema length during the trace fill operation. The ioam6fillTraceData function stores the schema contribution to the trace length in an u8 type variable. When bit 2...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF does not enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace during deinitialization. 71.913601 drm Clean up the vf2pf work item 71.915088 ------------ Cut...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed the issue with copylinklist updates when the “copyTracemarker” option is enabled for an instance. When this option is enabled, any data written to /sys/kernel/tracing/tracemarker is also copied into the buffer o...
Linux Distros Unpatched Vulnerability : CVE-2026-43341
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores th...
python-markdown: denial of service via malformed HTML-like sequences
A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...
python-markdown: denial of service via malformed HTML-like sequences
A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...
BIT-MLFLOW-2026-2652 Authentication Bypass in mlflow/mlflow
A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...
CVE-2026-41947
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...
EUVD-2026-30772
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints...
CVE-2026-41947 Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...