Astra Linux - уязвимость в firefox

The login credentials saved by Firefox should be managed by the Password Manager component, which uses encryption to store files on disk. However, the username not the password was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox versions earlier than 1...

CVE-2026-8612

CVE-2026-8612 affects WWW::Mechanize::Cached

CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

PT-2026-39026

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where the l iclog roundoff value is set to 512 if the superblock does not list a log stripe unit. On disks with 4k physical sectors, this results i...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed a shift-out-of-bounds/overflow issue in nilfssb2badoffset. The patch series “nilfs2: Fix UBSAN shift-out-of-bounds warnings during mount time” addresses this issue. The first patch fixes a bug reported by syzbot,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: EXT4: Filter out the EXT4FCREPLAY bit from the on-disk superblock’s sstate field. The EXT4FCREPLAY bit in sbi-smountstate is used to indicate that we are currently replaying the fast commit journal. This was actually a mistake, a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Rejects inodes of an unsupported type on the disk Syzbot has reported the following bug: Kernel bug at fs/inode.c:668! Oops: Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: Verify the inode mode when loading from disk. syzbot reports that the SIFMT bits of the inode-imode field can become invalid when the SIFMT bits of the 16-bit “mode” field loaded from disk are corrupted. According to ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Reject index allocation if $BITMAP is empty but index blocks exist. Index allocation requires at least one bit in the $BITMAP attribute to track the usage of index entries. If the bitmap is empty while index blocks are...

CVE-2026-43046

A flaw was found in the Linux kernel's btrfs filesystem. This vulnerability allows an attacker with local access to trigger a kernel bug system crash by providing specially crafted, malformed btrfs metadata on disk. Specifically, an invalid state where dropprogress.objectid is non-zero and...

PT-2026-36336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb inherit dacl function trusts the num aces value from a parent directory's DACL xattr to determine the size of a heap allocation. An...

CVE-2026-31449

A flaw was found in the Linux kernel's ext4 filesystem. A local attacker could exploit this vulnerability by providing a specially crafted or corrupted on-disk extent header. This could cause an out-of-bounds read in memory, potentially leading to information disclosure or a system crash Denial o...

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes

In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing pathk.pidx-eiblock, there is no validation...

PT-2026-34354

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 ext correct indexes function, which corrects index entries when the first extent in a leaf is modified. The function fails to validate that the p idx pointer...

PT-2026-34181

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011267 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stal...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006910)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006910 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfssb2badoffset Patch series nilfs2: fix UBSAN...

Windows Persistence Via UserInitMprLogonScript

This Metasploit module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that...

PT-2026-28457

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains an approval integrity issue where system.run approvals do not properly bind mutable file operands for specific script runners, including tsx and jiti. This allows attackers...

GHSA-8G75-Q649-6PV6 OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

OpenClaw's system.run approval flow did not bind mutable interpreter-style script operands across approval and execution. A caller could obtain approval for an execution such as sh ./script.sh, rewrite the approved script before execution, and then execute different content under the previously...