Astra Linux – Vulnerability in Firefox

The SVG element could have been used to load unexpected content that might execute scripts under certain circumstances. Although the specification appears to allow this, other browsers do not do so. Web developers relied on this property for script security, so Gecko’s implementation was aligned...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fixed an out-of-bounds access in otppackedelementt The value CS35L41NUMOTPELEM is 100, but only 99 entries are defined in the array otpmap1/2CS35L41NUMOTPELEM. This will trigger UBSAN to report a out-of-bounds...

Astra Linux – Vulnerability in librsvg

A directory traversal vulnerability exists in the URL decoder of librsvg before version 2.56.3. This vulnerability could be exploited by local or remote attackers to access files located in the local filesystem, outside of the expected area. This was demonstrated with the URL...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: fixed a null dereference issue when inserting elements into the RBTree structure. There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: General protection faults, likely due to an...

Astra Linux – Vulnerability in Firefox and Thunderbird

When injecting an HTML base element, some requests will ignore the CSP’s base-uri settings and instead accept the base-uri setting of the injected element. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a race condition between element replacement and close. The element replacement with a socket that is different from the one stored may race with the close operation, where the link of the socket is popped...

Astra Linux – Vulnerability in libxml2

A vulnerability was discovered in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to create a malicious XML input file that can cause libxml to crash, resulting in a denial of service or other undefined...

Astra Linux – Vulnerability in Zabbix

When a URL is added to the map element, it is recorded in the database with a sequential ID. When adding a new URL, the system retrieves the previous value of the sysmapelementurlid and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledeleteentry There are actually 2 problems: 1. Deleting the last element does not require moving elements. In fact, the element at position i+1 is out of bounds. 2...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed a stack buffer overflow issue during the parsing of the OnAssocReq IE. The length of the Supported Rates IE from an incoming Association Request frame was directly used as the length for the memcpy...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fix for out-of-bounds read in rtwgetie parser. The Information Element IE parser rtwgetie trusted the length byte of each Information Element without verifying that the IE body len bytes after the 2-byte heade...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Prevent lock inversion deadlock in mapdeleteelem operation. The syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Since BPF tracing programs can be invoked fr...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: addelem"00000000" timeout 100 ms ... addelem"0000000X"...

Astra Linux – Vulnerability in expat

In Expat also known as libexpat, before version 2.4.5, an attacker could trigger stack exhaustion in buildmodel by using a large nesting depth in the DTD element...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – Use a timestamp to check for timeout conditions related to set elements. A timestamp field was added at the beginning of the transaction; it is stored in the nftablespernetns area. The .insert, .deactivat...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Prevent out-of-bounds access The while loop in raspberrypidiscoverclocks relies on the assumption that the ID of the last clock element is zero. Since this data comes from the Videocore firmware, and it does not...

OESA-2026-2180 OpenEXR security update

OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...

Important: python3.14

Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...

CVE-2026-40745

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

EUVD-2026-25829

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...