Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handle kernel paging request at virtual address 000000aa00000094 Mem abort info: ESR = 0x96000004 EC = 0x2...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. When performing a symlink lookup, the grub’s UFS module checks the data size of the inode to allocate an internal buffer to read the file content. However, it fails to check whether the data size of the symlink has exceeded its allocated limit. As a result, the...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

A flaw was discovered in the parsing of extended attributes in the kernel’s ksmbd module. The issue arises due to the lack of proper validation of user-provided data, which can lead to data being read beyond the end of an allocated buffer. An attacker can exploit this vulnerability to disclose...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: LSM: General protection fault in legacyparseparam The usual LSM hook mechanism of “bailing on fail” doesn’t work in cases where a security module may return an error code indicating that it doesn’t recognize an input. In this...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added NULL pointer dereferencing checking at the end of attrallocateframe. It is preferable to exit through the out: label because internal debugging functions are located there...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: igb: Cleanup in all error paths when enabling SR-IOV After commit 50f303496d92 “igb: Enabling SR-IOV after reinit”, removing the igb module could cause a hang or crash depending on the machine when the module was loaded with t...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

An integer coercion error was detected in the openvswitch kernel module. When there are a sufficient number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize function does not return -EMSGSIZE as expected. This could potentially lead to an...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: The kfreescalethread threads is stopped after unloading the rcuscale module. Running the ‘kfreercutest’ test case results in a segmentation fault. The root cause is that the kfreescalethread threads continues to run...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipmisi: fixed a memory leak in trysmiinit Kmemleak reported the following information regarding the memory leak in trysmiinit: Unreferenced object 0xffff00018ecf9400 size 1024: Command "modprobe", PID 2707763, jiffies 43008514...

Astra Linux - уязвимость в apache2

In certain proxy configurations, a denial-of-service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can occur when untrusted clients trigger an assertion in modproxyhttp2. The configurations affected include reverse proxies configured for HTTP/2 backends, where ProxyPreserveHost...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Counter: Interrupt-cnt: Remove the IRQFNOTHREAD flag An IRQ handler can either use IRQFNOTHREAD or acquire spinlockt. As noted by CONFIGPROVERAWLOCKNESTING: ============================= BUG: Invalid wait context 6.18.0-rc1+git...

Astra Linux - уязвимость в python-setuptools

A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail-check Shell scripts to detect Linux kernel vulnera...

@aaasd/pocpoc (=99.99.9996), internal-company-module-test-1337 (>=99.99.9991 <=99.99.9995) potentially affected by unknown CVE via internal-company-module-test-1337 (=99.99.9996)

internal-company-module-test-1337 NPM version =99.99.9996 is affected by a known vulnerability. The following packages have a transitive dependency on internal-company-module-test-1337 and may be impacted: - @aaasd/pocpoc =99.99.9996 - internal-company-module-test-1337 =99.99.9991, =99.99.9995...

Malicious code in internal-company-module-test-1337 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa107cadda6301a772af8727ebafd976365c28371cddd211c176a57b12715d9 The package internal-company-module-test-1337 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3249 Malicious code in internal-company-module-test-1337 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa107cadda6301a772af8727ebafd976365c28371cddd211c176a57b12715d9 The package internal-company-module-test-1337 was found to contain malicious code. Source: ossf-package-analysis...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail Detection Tool A comprehensive det...

Dolibarr has Insufficient Verification of Data Authenticity

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

Insufficient Verification of Data Authenticity

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the dolverifyHash function of the Online Signature Module. An attacker can bypass signature verificati...

CVE-2026-7689

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...