4601 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: A check for a null descriptor is performed before calling pt_cmd_callback. This issue resolves a panic that can occur on AMD systems, typically during host shutdown, after the PTDMA driver has been exercised. The...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: xenvif_rx_next_skb: Avoid entering this function with an empty rx queue. xenvif_rx_next_skb expects that the rx queue is not empty. However, if the loop in xenvif_rx_action performs multiple iterations, the availability of another skb in...
Astra Linux - vulnerability in firefox
An out-of-memory condition during object initialization could lead to an empty shape list. If the JIT compiler traces the object subsequently, it will cause a crash. This vulnerability affects Firefox versions less than 125...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: The BUG_ON for the case of an empty event pool has been removed. In practice, the driver should never send more commands than are allocated to the event pool. If this happens, the code asserts a BUG_ON. In th...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Avoid a crash when parsing an empty profile name. When processing a packed profile in unpack_profile, the string “:samba-dcerpcd” is parsed as a fully qualified name and then passed to aa_splitn_fqname. aa_splitn_fqname trea...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the drivers/mtd/ubi/vtbl.c file in the Linux kernel, up to version 6.7.4, it is possible for the code to attempt to allocate zero bytes, resulting in a crash due to a missing check for ubi->leb_size...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fixed to avoid migrating empty sections. A bug has been reported from a device with zufs: F2FS-fs dm-64: Inconsistent segment type 1, 0 in SSA and SIT. F2FS-fs dm-64: The filesystem was stopped due to reason: 4. Thread A...
Astra Linux - vulnerability in haproxy
Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...
Astra Linux - vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ila: Do not generate empty messages in ila_xlat_nl_cmd_get_mapping. ila_xlat_nl_cmd_get_mapping generates an empty skb, triggering a recent sanity check. Instead, an error code should be returned so that it can be handled by the user...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: exec: Force a single empty string when argv is empty. Quoting [1] Ariadne Conill: “In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program. This prevents scenarios...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handling the case where EIOINTC’s coremap is empty. EIOINTC’s coremap in eiointc_update_sw_coremap can be empty. Currently, we get a cpuid value of -1 in this case, but we actually need a value of 0, as it is similar ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays. The frequency table arrays are supposed to be terminated with an empty element. Add such an entry to the end of the arrays where it is missing, in order to avoid...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Added a check on the len parameter to prevent empty skb objects. This prevents a division error in the netem_enqueue function, which occurs when skb->len=0 and skb->data_len=0 during the randomized corruption...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass an empty environment variable. fw_getenv will use the environment variable entry to determine the style of the environment variables. However, it is legal for the firmware to simply pass an empty...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: hp-bioscfg: Fixed warnings regarding empty attribute names in kobjects. The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes...
Astra Linux - vulnerability in libxml2
An issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...
MAL-2026-4502 Malicious code in bucket-protocol-sdk-v2 (npm)
Source: amazon-inspector (e19ff8a6cb5a08bd0561658d41dfe3616f1680bc5acac989c97da38f37ee41b4). bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tr...
Malicious code in @serviceshub/x-web-core (npm)
Source: amazon-inspector (1cd81c2623e8f621801dcbfbf7d7eb8745bf702f1d5e85e410872400c7d2eea7). Package ships a trivial index.js module.exports = ; and exists solely to pull a direct-URL tarball dependency at install time. package.json line 9...
CVE-2026-6456
The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...