Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Check the bearer type before calling tipcudpnlbeareradd. syzbot reported the following general protection fault 1: General protection fault, likely for a non-canonical address 0xdffffc0000000010: 0000 1 PREEMPT SMP KASAN...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsnew inode in the file fs/nilfs2/inode.c of the BPF component. This vulnerability allows for manipulation after the memory allocation function free is called. The attack ca...

CVE-2025-64725

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

AZL-72719 CVE-2025-38118 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix UAF on mgmtremoveadvmonitorcomplete This reworks MGMTOPREMOVEADVMONITOR to not use mgmtpendingadd to avoid crashes like bellow: ================================================================== BUG: KASAN:...

Security advisory: Recently reported incomplete cleanup issue in Qt's Schannel handling can impact Qt

There is a "Incomplete Cleanup" problem in Qt’s Schannel handling when it is used to provide a server handling incoming TLS connections. This has been assigned the CVE id CVE-2025-6338. Affected versions: This issue affects only the Schannel functionality on Windows if it is turned on in Qt 5.15...

AZL-69494 CVE-2025-21881 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobewriteopcode We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0...

AZL-53762 CVE-2024-50299 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctpsfootb A size validation fix similar to that in Commit 50619dbf8db7 "sctp: add size validation when walking chunks" is also required in sctpsfootb to address a crash reported by syzbot:...

AZL-51102 CVE-2024-49916 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clkmgr and clkmgr-funcs in dcn401inithw This commit addresses a potential null pointer dereference issue in the dcn401inithw function. The issue could occur when dc-clkmgr or dc-clkmgr-funcs is...

CVE-2024-46795 affecting package kernel for versions less than 5.15.167.1-1

CVE-2024-46795 affecting package kernel for versions less than 5.15.167.1-1. An upgraded version of the package is available that resolves this issue...

AZL-49389 CVE-2024-46721 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile-parent-dentsAAFSPROFDIR could be NULL only if its parent is made from createmissingancestors.. and 'ent-old' is NULL in aareplaceprofiles... In that case, it must return an...

CVE-2022-48841 affecting package kernel for versions less than 5.15.162.2-1

CVE-2022-48841 affecting package kernel for versions less than 5.15.162.2-1. A patched version of the package is available...

CVE-2024-26904 affecting package kernel for versions less than 5.15.158.2-1

CVE-2024-26904 affecting package kernel for versions less than 5.15.158.2-1. An upgraded version of the package is available that resolves this issue...

PT-2024-25246 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A Cross-Site Scripting XSS issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...

AZL-27890 CVE-2023-4194 affecting package kernel for versions less than 5.15.126.1-1

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -...

CVE-2023-3752

A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...

AZL-27243 CVE-2023-35826 affecting package kernel for versions less than 5.15.122.1-2

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrusremove in drivers/staging/media/sunxi/cedrus/cedrus.c...

CVE-2023-1513 affecting package kernel for versions less than 5.15.102.1-3

CVE-2023-1513 affecting package kernel for versions less than 5.15.102.1-3. A patched version of the package is available...

SUSE CVE-2021-4032

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvmfreelapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with...

GSD-2023-1001990 octeontx2-pf: Fix resource leakage in VF driver unbind

octeontx2-pf: Fix resource leakage in VF driver unbind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...