Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: Pass the correct message length to ip6.AppendData. l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To address this issue, we chec...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, the function skbAppendPageFrags should no longer check the pfmemalloc status. The skbAppendPageFrags function is currently used by the afunix and udp.sendpage implementations. In commit 326140063946 “TCP: TX...

Astra Linux – Vulnerabilities in Python 2.7, Python 3.11, Python 3.7

When constructing nested elements using XMLDom.minidom methods like appendChild, which rely on clearidcache, the algorithm has a quadratic complexity. This can affect the availability of documents when they are constructed with excessively nested structures...

GHSA-WGPF-JWQJ-8H8P hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

PT-2026-49736

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

DEBIAN-CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

CVE-2023-29146

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value 32-bit. Attackers could create a collidi...

GHSA-P462-PRXW-MJX4 NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

USN-8362-1 xz-utils vulnerability

It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code...

Security update for xz

This update for xz fixes the following issue CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...

SUSE-SU-2026:2118-1 Security update for xz

This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280...

openSUSE 16 Security Update : xz (openSUSE-SU-2026:20813-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20813-1 advisory. This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Tenable has extracted the preceding...

CVE-2026-7797

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

udf: fix partition descriptor append bookkeeping

...

CVE-2026-7797 Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

CVE-2026-7797

The CVE covers the WordPress plugin Appointment Booking Calendar – Simply Schedule Appointments . The vulnerability exists in versions up to

CVE-2026-7797 Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

CVE-2026-45089

Dalfox AOSS (CVE-2026-45089) allows unauthenticated arbitrary file creation/append when running in REST server mode. Before v2.13.0, the API accepts attacker-controlled OutputFile, OutputAll, and Debug in model.Options; the logger writes to the attacker-specified path via os.OpenFile with O_APPEN...

SUSE SLES12 Security Update : xz (SUSE-SU-2026:2052-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2052-1 advisory. This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Tenable has extracted the preceding...

CVE-2026-45991

udf: fix partition descriptor append bookkeeping...