Astra Linux - уязвимость в linux

In the Linux kernel, from drivers/block/nbd.c up to version 5.10.12, there is a use-after-free in the nbdaddsocket function. This issue could be triggered by local attackers who have access to the nbd device. The attack occurs during I/O requests at a certain point in device setup, specifically...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004026)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004026 advisory. The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgaconscrolldelta out-of-bounds read, aka CID-973c096f6a85. Tenable...

Code injection

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved...

SUSE CVE-2021-29266

An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v-configctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0...

CVE-2017-17848

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be...