Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: Do not pass flow_id to set_rps_cpu(). The responsible commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. When computing flow_id in set_rps_cpu(), do not...
Astra Linux – Vulnerability in Chromium
Before version 105.0.5195.52, a use-after-free in the Sign-In Flow in Google Chrome allowed a remote attacker who convinced a user to engage in certain UI interactions to potentially exploit heap corruption through crafted UI interactions...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: A memory leak in the flow steering list has been fixed in rmmod. The flow steering list maintains entries that are added and removed as ethtool creates and deletes flow steering rules. Removing a module with active entries...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Enhanced sanity check during attribute list generation. The ni_create_attr_list function uses WARN_ON to catch error cases during attribute list generation. Currently, it only prints the stack trace, which may not be...
Astra Linux – Vulnerability in Thunderbird
The Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker who cooperated with a malicious home server could interfere with the verification process between two users, substituting their own cross-signed user identity wi...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: A memory leak occurred in the flow rule processing at the commit path. The flow rule object was aborted during release, but the commit path did not handle this issue properly. The code has been updated to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ath10k: Skip ath10k_halt during suspend for the driver state RESTARTING. A double-free crash occurs when FW recovery caused by wmi timeout/crash is followed by an immediate suspend event. FW recovery is triggered by...
Astra Linux – Vulnerability in Intel Microcode
Insufficient control flow management in some Intel(R) processors may allow an authenticated user to potentially enable a denial of service via local access...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bug: NULL pointer dereferencing in the kernel, address: 0000000000000020 PGD: 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ 7 RIP: 0010: icegetqcoalesce+0x2e/0xa0 ice RSP:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: Use DEBUG_NET_WARN_ON_ONCE. The following issue is easy to reproduce both upstream and in the -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 "net: add and use __skb_get_hash_symmetric_net"...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The flow rule object is released from the commit path. There is no need to delay this process until the commit release path, as no packets traverse this object at all. This object is only accessed from the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/core: Fixed the ETH_P_1588 flow dissector. When a PTP Ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to skb_flow_dissect, the calculation of the nhoff value is incorrect. For example,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the internal port memory leak. The flow rule can be split, and additional post_act rules are added to the post_act table. It's possible to trigger a memory leak when the rule forwards packets from an internal port...
Astra Linux – Vulnerability in yaml-cpp
The SingleDocParser::HandleFlowSequence function in yaml-cpp (also known as LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (resource consumption and application crash) through a crafted YAML file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rtw88: Fixed memory overflow and memory leak issues during hw_scan. Previously, we allocated less memory than actually required. Overwriting the buffer caused the mm module to report errors and trigger access violation faults...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/sti: The return type of sti_{dvo,hda,hdmi}_connector_mode_valid() has been corrected. With Clang's Kernel Control Flow Integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer...
PT-2026-51099
Name of the Vulnerable Software and Affected Versions: langflow versions prior to 1.9.1. Description: An Insecure Direct Object Reference (IDOR) exists in the '/api/v1/responses' endpoint. This issue allows an authenticated attacker to execute any flow belonging to another user by specifying the...
CVE-2026-56074
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...
CVE-2026-55205 Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint
Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...
PT-2026-50776
Name of the Vulnerable Software and Affected Versions: Node.js version 22, Node.js version 24. Description: A flaw in the HTTP/2 server API allows servers to continue accepting data after a GOAWAY frame has been sent. A GOAWAY frame is a mechanism used in the HTTP/2 protocol to notify the peer that t...