Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential memory leaks at the error handling path for UMP operations. The allocation and initialization errors in allocmidiurbs, which occur when the function is called during MIDI 2.0/UMP device operations...
K000160741: Linux kernel vulnerability CVE-2025-37891
Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion. The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as ...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37891)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37891 advisory. - In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP...
RHEL 9 : kernel (RHSA-2026:0804)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0804 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: NFSD: fix hang in...
CVE-2023-54022
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open. The allocation and initialization errors at allocmidiurbs that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking...
CVE-2023-54022 ALSA: usb-audio: Fix potential memory leaks at error path for UMP open
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open. The allocation and initialization errors at allocmidiurbs that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking...
Linux Distros Unpatched Vulnerability : CVE-2022-35036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8. CVE-2022-35036 Note that Nessus relies on the presenc...
CVE-2025-37891
In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion. The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as it was supposed to be the max...
CVE-2025-37891
The provided documents confirm CVE-2025-37891 affects the Linux kernel’s ALSA: ump path, where SysEx messages could overflow an internal 4-byte buffer during MIDI 1.0 to UMP conversion. The root cause is that SysEx can be up to 6 bytes, exceeding the original 4-byte buffer, risking memory corrupt...
CVE-2025-37891 ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion. The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as it was supposed to be the max...
CVE-2024-25657
CVE-2024-25657 affects AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS. An open redirect exists in the Login/Logout web management flow, potentially causing authenticated users to be redirected to malicious websites. The initial entry reports a CVSSv3.1 base score of 5.4 (Medium) wit...
CVE-2024-25656
CVE-2024-25656 affects AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS. The root cause is improper input validation that allows unauthenticated CPE devices to store arbitrarily large amounts of data during enrollment, which can lead to a denial of service by overloading the applicati...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
CVE-2024-25654
CVE-2024-25654 affects AVSystem Unified Management Platform (UMP) version 23.07.0.16567~LTS. The root cause is insecure permissions on log files, which, for users with local access to the UMP application server, can expose credentials used to authenticate to all services and can enable decryption...
CVE-2024-25655
CVE-2024-25655 affects AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS. The root cause is insecure storage of LDAP passwords in the authentication functionality, enabling users who have read access to the application database to decrypt LDAP passwords of users who authenticate via LD...
CVE-2024-25657
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...
CVE-2024-25655
Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP...
ump.co.za Cross Site Scripting vulnerability OBB-2804834
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
(0Day) WECON LeviStudioU UMP File Parsing Extra Tag bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...