Lucene search

7058 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dm: verity-loadpin: Only trust verity targets with enforcement. Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configured to perform some kind of enforcement when...

5.7 AI score, 0.00159 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events. Calling pmu->start/stop on perf events in PERF_EVENT_STATE_OFF can leave event->hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...

7.8 CVSS, 5.4 AI score, 0.00148 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: lib/fonts: Fixed undefined behavior in bit shifting for get_default_font. Shifting a signed 32-bit value by 31 bits is undefined; therefore, the significant bit was changed to unsigned. The UBSAN warning “calltrace” is as follow...

5.5 CVSS, 5.6 AI score, 0.00143 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in qemu

A flaw was discovered in the QEMU implementation of VMware’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs when handling a “PVRDMA_REG_DSRHIGH” write from the guest, and it may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer...

6 CVSS, 6.7 AI score, 0.00363 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed handling of offline queues in blk_mq_alloc_request_hctx. This patch prevents the test nvme/004 from triggering the following issues: - UBSAN: Array index out of bounds in block/blk-mq.h:135:9. The index 512 is out o...

7.8 CVSS, 5.8 AI score, 0.00286 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in nodejs

Node.js versions prior to 16.6.1, 14.17.5, and 12.22.5 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...

7.5 CVSS, 6.8 AI score, 0.13972 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the files MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned char, and...

5.5 CVSS, 6.8 AI score, 0.00982 EPSS
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the file MagickCore/quantum-export.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the unsigned long long type, as well as a shift exponent...

4.3 CVSS, 6.5 AI score, 0.01114 EPSS
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux – Vulnerability in imagemagick

The function WritePALMImage in /coders/palm.c uses size_t type conversions in several parts of the calculation. This could lead to values that are outside the range of the representable type unsigned long, resulting in undefined behavior when a malicious input file is processed by ImageMagick...

4.3 CVSS, 6.5 AI score, 0.01075 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in firefox, thunderbird

The ShutdownObserver function was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

8.8 CVSS, 6.9 AI score, 0.01037 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in firefox

The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox versions less than 126...

6.5 CVSS, 7.4 AI score, 0.00372 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi: 8192cu: fixed a situation where TID was out of range in rtl92cu_tx_fill_desc. The TID obtained from ieee80211_get_tid might be out of range of the array size of sta_entry->tids, so check that TID is less than...

7.8 CVSS, 6 AI score, 0.00119 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws. The commit f316cdff8d67 (“clk: Annotate struct clk_hw_onecell_data with __counted_by”) annotated the hws member of struct clk_hw_onecell_data with __counted_by. This informs the bounds sanitizer ...

5.5 CVSS, 5.5 AI score, 0.00211 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nf_conntrack_h323: Added protection against bmp length being out of range. The UBSAN load reports an exception due to bitwise shifts that are out of bounds for their data type. vmlinux getbitmapb=75 + 712 vmlinux...

5.5 CVSS, 6.2 AI score, 0.0024 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/20 12:00 a.m., 5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021623 advisory. In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for get_default_font. Shifting signed 32-bit value by...

5.5 CVSS, 5.8 AI score, 0.00143 EPSS
Exploits: 0, References: 4
OSV
added 2026/05/20 12:00 a.m., 9 views

UBUNTU-CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

7.5 CVSS, 5.8 AI score, 0.01222 EPSS
Exploits: 0, References: 4
OSSF Malicious Packages
added 2026/05/19 11:48 p.m., 7 views

Malicious code in to-cms (npm)

Source: amazon-inspector cccb3d12c0df356fc34c0b79a003f32a6484dd9229b43dfef5b89c8dd4dec51c package.json declares postinstall: node index.js. On npm install, index.js unconditionally HTTPS-GETs https://meet-fr.com/ChromeSetup.exe, writes it ...

5.8 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2026/05/19 7:07 p.m., 8 views

Malicious code in @dknzo/soonex-ai (npm)

Source: amazon-inspector 637d9821dd6061c21dfa483bdefec73cd6ddeb8ba6e1d9bd9653784de514e9b5 The package advertises itself as 'Internal core lifecycle utilities for Baileys socket connection' but its sole exported function...

5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/05/19 7:07 p.m., 6 views

MAL-2026-4383 Malicious code in @dknzo/soonex-ai (npm)

Source: amazon-inspector 637d9821dd6061c21dfa483bdefec73cd6ddeb8ba6e1d9bd9653784de514e9b5 The package advertises itself as 'Internal core lifecycle utilities for Baileys socket connection' but its sole exported function...

5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/05/19 6:38 p.m., 2 views

USN-8276-1 Highlight.js vulnerability

It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour...

8.7 CVSS, 5.8 AI score, 0.01296 EPSS
Exploits: 0, References: 2