145310 matches found
CVE-2026-45035
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...
SUSE-SU-2026:2019-1 Security update for cockpit
This update for cockpit fixes the following issues: - CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user (bsc#1256521). - CVE-2026-4802: remote command execution via unsanitized...
Security update for cockpit
This update for cockpit fixes the following issues: CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user (bsc#1256521). CVE-2026-4802: remote command execution via unsanitized...
Advisory ROSA-SA-2026-3289
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport (SO_RDS_TRANSPORT=2) in conjunction with io_uring, a local unprivileged attacker can cause memory corruption and...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fixed a use-after-free in ar5523_cmd() when it timed out. syzkaller reported a use-after-free with the stack trace as follows 1: 38.960489 C3 ================================================================== 38.963216...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed an out-of-bounds memset issue in command slot handling. The remaining space in a command slot may be smaller than the size of the command header. Clearing the command header using memset before verifying the...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd. The target_core_file does not initialize the aio_cmd->iocb for the ki_write_stream. When the write command fd_execute_rw_aio() is executed, we may receive an invalid value for ki_write_stream,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: rejecting malformed HCI_CMD_SYNC commands. In mgmt_hci_cmd_sync(), check whether the size of the parameters passed in struct mgmt_cp_hci_cmd_sync matches the total size of the data, i.e., sizeof(struct mgmt_cp_hci_cmd_sync) plus th...
Astra Linux - vulnerability in jetty9
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...
Astra Linux - vulnerability in glibc
The iconv program in the GNU C Library (also known as glibc or libc6) version 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, resulting in a...
Astra Linux - vulnerability in postgresql-11
Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the initialization of the command bitmask. The command bitmask has a dedicated bit for the MANAGE_PAGES command. This bit is not initialized during the initialization of the command bitmask, but only during the...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Do not access invalid sched. Since 2320c9e6a768 (“drm/sched: memset ‘job’ in drm_sched_job_init()”), accessing job->base.sched can produce unexpected results, as the initialization of job->base.sched during amdgpu_job_alloc() is...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ftrace: A regression was fixed related to the module command in stack_trace_filter. When executing the following command: echo "write:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer...
Astra Linux - vulnerability in zabbix
The Zabbix server can execute commands for configured scripts. After the command is executed, an audit entry is added to the “Audit Log”. Since the “clientip” field is not sanitized, it is possible to inject SQL code into the “clientip” field, resulting in time-based blind SQL injection attacks...
Astra Linux - vulnerability in linux-5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue arises due to the lack of proper locking when performing operations on an object. An...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, from version 5.19.9 onwards, the drivers/scsi/stex.c file allows local users to access sensitive information from kernel memory. This occurs because the stex_queuecommand_lck function lacks a memset for the PASSTHRU_CMD case...
Astra Linux - vulnerability in samba
A flaw was discovered in Samba, particularly in the handling of the front-end WINS hook: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets is inserted into shell commands and executed b...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts. This commit addresses a rarely observed endpoint command timeout that causes kernel panic when “panic_on_warn” is enabled, and unnecessary call trace prints when...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fixed an out-of-bound memcpy operation during the ethtool -w command. When retrieving the FW core dump using ethtool, memory corruption can sometimes occur. Bug: KFENCE: Memory corruption occurs in...