39469 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU. Attempting to run the iov_iter unit test on a nommu system, such as the qemu kc705-nommu emulation, results in a crash. KTAP version 1 Subtest: iov_iter Module: kunit_iov_iter 1..9 BUG:...

5.5 CVSS | 5.4 AI score | 0.00246 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m. | 24 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ntb_netdev: Use dev_kfree_skb_any in interrupt context. TX/RX callback handlers ntb_netdev_tx_handler, ntb_netdev_rx_handler can be called in interrupt context via the DMA framework after the respective DMA operations are completed...

5.5 CVSS | 5.9 AI score | 0.00145 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Samba

Windows Kerberos Elevation of Privilege Vulnerability...

7.2 CVSS | 7 AI score | 0.04488 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in sysstat

Sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and later, but before version 12.7.1, the allocate_structures function contained a size_t overflow in the sa_common.c file. The allocate_structures function insufficiently checked the...

7.8 CVSS | 7.3 AI score | 0.01096 EPSS
Exploits 1 | References 2

Wolfi
added 2026/06/19 2:16 a.m. | 8 views

CVE-2026-54285 vulnerabilities

Vulnerabilities for packages: langfuse, renovate...

5.3 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits 0

SUSE CVE
added 2026/06/19 1:50 a.m. | 6 views

SUSE CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

5.2 CVSS | 5.8 AI score | 0.00106 EPSS
Exploits 0 | References 3

SUSE CVE
added 2026/06/19 1:50 a.m. | 4 views

SUSE CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1 CVSS | 5.8 AI score | 0.00268 EPSS
Exploits 0 | References 3

SUSE CVE
added 2026/06/19 1:49 a.m. | 5 views

SUSE CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

3.7 CVSS | 5.8 AI score | 0.00217 EPSS
Exploits 0 | References 4

SUSE CVE
added 2026/06/19 1:49 a.m. | 6 views

SUSE CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

3.7 CVSS | 5.9 AI score | 0.00187 EPSS
Exploits 0 | References 4

Chainguard
added 2026/06/18 8:21 p.m. | 11 views

CVE-2026-12322 vulnerabilities

Vulnerabilities for packages: firefox...

5.4 CVSS | 5.1 AI score | 0.00165 EPSS
Exploits 0

Chainguard
added 2026/06/18 8:21 p.m. | 7 views

GHSA-XP8H-82PC-F6JM vulnerabilities

Vulnerabilities for packages: firefox...

5.2 AI score
Exploits 0

Chainguard
added 2026/06/18 8:21 p.m. | 9 views

GHSA-VMF3-W455-68VH vulnerabilities

Vulnerabilities for packages: prism, renovate, graalvm, opensearch-dashboards, wazuh-dashboard-fips, pulumi, homepage, code-server, npm, saf, wazuh-dashboard, opensearch-dashboards-fips, actions-runner...

5.8 AI score
Exploits 0

Wolfi
added 2026/06/18 8:20 p.m. | 9 views

GHSA-4X5R-PXFX-6JF8 vulnerabilities

Vulnerabilities for packages: langfuse...

5.2 AI score
Exploits 0

Wolfi
added 2026/06/18 8:20 p.m. | 10 views

GHSA-R7G4-QG5F-QQM2 vulnerabilities

Vulnerabilities for packages: langfuse...

5.2 AI score
Exploits 0

Wolfi
added 2026/06/18 8:20 p.m. | 8 views

CVE-2026-12321 vulnerabilities

Vulnerabilities for packages: firefox...

5.4 CVSS | 5.1 AI score | 0.00159 EPSS
Exploits 0

NVD
added 2026/06/18 5:16 p.m. | 11 views

CVE-2026-54105

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

6.9 CVSS | 0.003 EPSS
Exploits 0 | References 4

CVE
added 2026/06/18 4:13 p.m. | 20 views

CVE-2026-54106

CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...

5.1 CVSS | 5.3 AI score | 0.00289 EPSS
Exploits 0 | References 4

EUVD
added 2026/06/18 4:13 p.m. | 8 views

EUVD-2026-37913

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1 CVSS | 5.3 AI score | 0.00289 EPSS
Exploits 0 | References 4

EUVD
added 2026/06/18 4:12 p.m. | 8 views

EUVD-2026-37911

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trust client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8 CVSS | 5.2 AI score | 0.004 EPSS
Exploits 0 | References 4

Wolfi
added 2026/06/18 8:19 a.m. | 9 views

CVE-2026-7210 vulnerabilities

Vulnerabilities for packages: python...

7.5 CVSS | 5.1 AI score | 0.0079 EPSS
Exploits 0