Astra Linux - уязвимость в tiff

In the libtiff 4.3.0 version of tiffcp, an accessible assertion allows attackers to cause a denial-of-service attack through a crafted tiff file. For users who compile libtiff from source code, this fix is available in the commit 5e180045...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRVCTLIOCTLELEMREAD|WRITE32 function lacks locks that could be exploited in a use-after-free situation, leading to an escalation of privileges to gain ring0 access from the system user. We recommend...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...

[SECURITY] Fedora 42 Update: rust-sequoia-git-0.6.0-1.fc42

A tool for managing and enforcing a commit signing policy...

[SECURITY] Fedora 43 Update: rust-sequoia-git-0.6.0-1.fc43

A tool for managing and enforcing a commit signing policy...

CLSA-2026-1777742234 corosync: Fix of 2 CVEs

CVE-2026-35091: fix incorrect return value in checkmembcommittokensanity allowing DoS via crafted membcommittoken packet - CVE-2026-35092: fix integer overflow in checkmembjoinsanity allowing bypass of length validation via crafted membjoin packet...

CVE-2026-30363

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function...

CVE-2026-31714

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fsrename syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff888127f70830 size 16: comm "syz.0.23", pid 6144, jiffies 4294943712 hex dump first 16 bytes: 3c af 57 72...

PT-2026-36509

Name of the Vulnerable Software and Affected Versions openxc/isotp-c versions prior to commit 5a5d19245f65189202719321facd49ce6f5d46ac Description An out-of-bounds read exists in the ISO-TP Single Frame receive handler. The issue occurs because the 4-bit payload length nibble is used directly as...

Flipper Zero Firmware 安全漏洞

Flipper Zero Firmware is an open source firmware update and development tool for multifunctional devices from Flipper Devices. A security vulnerability exists in the Flipper Zero Firmware commit ad2a80 version, which originates from a stack overflow in the Main function...

EUVD-2026-26705

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function...

PT-2026-36534

Name of the Vulnerable Software and Affected Versions Flipperzero firmware affected versions not specified Description A stack overflow exists in the Main function, which allows attackers to execute arbitrary code. This issue is currently being exploited in real-world incidents. Recommendations A...

PT-2026-36516

Name of the Vulnerable Software and Affected Versions Open-SAE-J1939 versions prior to commit b6caf884df46435e539b1ecbf92b6c29b345bdfe Description A denial of service can be triggered via a crafted CAN frame on the J1939 bus within the SAE J1939 Read Binary Data Transfer DM16 function...

GHSA-28XX-PPPM-VQFF ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction

Impact Transactions were NOT committed despite the explicit options.WithCommit flag using table service client. Because of this, clients did not commit changes to the transaction, relying on the fact that the transaction commit was successful. This led in rare cases to a loss of data consistency...

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the options.WithCommit process. An attacker can cause loss of data consistency by relying on the transaction commit flag without the transaction actually being committed. Workaround This...

ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction

Impact Transactions were NOT committed despite the explicit options.WithCommit flag using table service client. Because of this, clients did not commit changes to the transaction, relying on the fact that the transaction commit was successful. This led in rare cases to a loss of data consistency...

CLSA-2026-1777546896 openssh: Fix of CVE-2026-35385

CVE-2026-35385: when downloading files as root in legacy -O mode and without the -p preserve modes flag, scp1 did not clear setuid/setgid bits from downloaded files. Backport upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case...

Linux Distros Unpatched Vulnerability : CVE-2026-39973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in...

EUVD-2026-26007

A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal...

Linux Distros Unpatched Vulnerability : CVE-2026-31445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: avoid use of half-online-committed context One major usage of damoncall is online DAMON parameters update. It is done by calling damoncommitctx...