Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Net: tun: Unlinking the NAPI from the device upon destruction. Syzbot identified a race condition between the tun file and the device destruction process. NAPIs reside in the structtunfile structure, and this structure may be...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: The userfaultfdapi function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we will fail silently and return all available features. However, the manual...

Astra Linux – Vulnerability in Zabbix

A non-administrator user account on the Zabbix frontend, with the default User role, or any other role that grants API access, can exploit this vulnerability. There is an SQL injection vulnerability in the CUser class within the addRelatedObjects function. This function is called from the CUser.g...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio: Packed data – fix an unmap leak for the indirect desc table When usedmaapi and premapped are set to true, the dounmap operation is not executed. As a result, the vringunmapextrapacked function is not called by...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit allocation of the cpumask variable on the stack. For the CONFIGCPUMASKOFFSTACK=y kernel, explicit allocation of the cpumask variable on the stack is not recommended, as it may cause a potential stack...

Astra Linux – Vulnerability in OpenSSL

Issue Summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes may leave the final partial block unencrypted and unauthenticated. Impact Summary: The last 1–15 bytes of a message may be exposed in...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: Make sure that the caller has CAPSYSADMIN in the correct user namespaces. What we want to ensure is that cloneprivatemnt will not expose something hidden by a mount that we wouldn’t be able to undo. “ wouldn’t be...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap API: Fixed a possible memory leak for vcapduprule. A fault occurs when CONFIGVCAPKUNITTEST is selected. A memory leak occurs if kzalloc for duprule succeeds, but kmemdup fails. As a result, memory associated...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel up to version 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

Astra Linux – Vulnerability in Chromium

Before version 103.0.5060.134, using the "after free" method in the Service Worker API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data through a crafted Chrome Extension. Chromium security severity: Low...

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

CVE-2026-7701

Telegram Desktop

CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...