Astra Linux - уязвимость в linux, linux-5.10

A vulnerability, classified as problematic, was discovered in the Linux kernel. This vulnerability affects the tcpgetsockopt/tcpsetsockopt functions of the TCP Handler component. Manipulation of these functions can lead to a race condition. It is recommended that a patch be applied to address thi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list The struct sdcacontrol structure declares the “values” field as an integer array. However, the memory allocated for this field is actually a char array. This causes a...

Astra Linux - уязвимость в libreoffice

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to create documents that would load external links without any prompts. In affected versions of LibreOffice documents that used “floating frames” linked to external files, the contents of those...

Astra Linux - уязвимость в linux-5.10, linux

A null pointer dereference issue was discovered in the SCTP network protocol within the net/sctp/streamsched.c file in the Linux kernel. If the streamin allocation fails, the streamout resource is freed, allowing further access to it. A local user could exploit this vulnerability to crash the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Clean up only the newly added IRQ mapping when requestirq fails. The mlx5irqalloc function may inadvertently free the entire rmap, leading to a crash when other threads attempt to access it. This issue occurs when...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: drm/sti: The return type of stidvo,hda,hdmiconnectormodevalid has been corrected. With Clang’s Kernel Control Flow Integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed a reference leak in amdgpuuserqwaitioctl. Also, removed the reference to syncobj and timeline fence when aborting the ioctl, as it caused issues due to the output array being too small. This issue was...

Astra Linux - уязвимость в linux-5.10, linux

A flaw in incorrect access control in the Linux kernel’s USB core subsystem was discovered in the way users attach USB devices. A local user could exploit this flaw to crash the system...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. A vulnerability exists starting from version 2.2, and is related to out-of-bounds reads and integer overflow leading to buffer overflow. This vulnerability is present in versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, the Redis BIT...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialize rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported a divide-by-zero issue in tcpselectWindow for MPTCP sockets. 0 We had a similar issue with bare TCP and fixed it in commit 499350a5a6...

Astra Linux - уязвимость в linux-5.10, linux-5.15

The Linux kernel allows user-space processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL, which disables the speculation feature, as well as through the use of seccomp. We noticed that on virtual machines of at least one major cloud provider, the kernel still left the victim...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. A user with sufficient privileges can create a malformed ACL selector, which, when accessed, triggers a server panic and subsequent denial of service. This issue has been fixed in Redis 7.2.7 and 7.4.2...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control through a crafted command. Chromium security severity: Low...

Astra Linux - уязвимость в linux-5.10, linux

A memory leak flaw was discovered in the Linux kernel’s Stream Control Transmission Protocol. This issue may occur when a user initiates a malicious networking service, and someone connects to this service. This could allow a local user to deplete resources, resulting in a denial of service...

Astra Linux - уязвимость в linux

A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the “intct...

MAL-2026-4649 Malicious code in promptbook-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...

CVE-2026-9057

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

CVE-2026-9057 Security fix for Qlik Talend Administration Center URL access control vulnerability

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

CVE-2026-9057

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

CVE-2026-9057

The vulnerability CVE-2026-9057 affects Talend Administration Center and is a broken access control issue that allows a user with View permission to modify the Talend Studio update URL. Reported impact is high (CVSS 3.1: 8.2, Confidentiality/Integrity High, Availability None) with network attack ...