1269 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fixed the detection of protocol fallback using BPF. The sockmap feature allows a BPF syscall from user space, or BPF sockops, to replace the sk_prot of sockets during protocol stack processing with sockmap’s...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x. The ipcomp fallback tunnels are currently deleted from the various lists and hashtables as the last user state that relied on those fallbacks is destroyed (not deleted). I...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a stack-buffer-overflow vulnerability via void put_epel_hv_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) using a crafted video file...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: EFI: Fixed a potential NULL dereference in efi_mem_reserve_persistent. When iterating over a linked list, the result of memremap is dereferenced without checking if it is NULL. This patch adds a check that falls back to allocating a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fixed netdevice reference leaks in attach_default_qdiscs. In attach_default_qdiscs, if a device has multiple queues and queue 0 fails to attach a qdisc due to lack of memory during...
Astra Linux – Vulnerability in Harfbuzz
An integer overflow in the hb-ot-shape-fallback.cc component of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) through unspecified vectors...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) using a specially crafted video file...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting. Jakub reported an MPTCP deadlock during the fallback process: WARNING: Possible recursive locking detected 6.18.0-rc7-virtme 1 Not tainted...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fallback earlier on simultaneous connections. Syzkaller reports a race condition in simultaneous connections that leads to inconsistent fallback behavior. Status: WARNING: CPU: 3 PID: 33 at net/mptcp/subflow.c:1515...
Authorization Bypass
google.golang.org/grpc is vulnerable to authorization bypass. The vulnerability is due to improper validation of the HTTP/2 :path pseudo-header, which allows an attacker to send malformed requests without a leading slash and bypass path-based authorization policies when fallback "allow" rules are...
Linux Distros Unpatched Vulnerability : CVE-2026-43057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback. NETIF_F_IPV6_CSUM only advertises support for checksum offload of packets without IPv6 extension...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from tunneled packets not being handled correctly during the IPV6_CSUM GSO fallback, which could result in an...
CVE-2026-41263
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
CVE-2026-42423
OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...
Juniper Junos OS Multiple Vulnerabilities (JSA88112)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88112 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids...
Improper Validation of Specified Quantity in Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input due to improper handling of oversized Subject Alternative Name fields during certificate validation. An attacker can bypass certificate validation by crafting a certificate with an...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper handling of Uniform Resource Identifier (URI) and Service (SRV) Subject Alternative Names (SANs) in the certificate validation process. An attacker can intercept sensitive information or...
CVE-2026-42423 OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback
OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...
CVE-2026-6993
A flaw was found in go-kratos kratos. A remote attacker could exploit a vulnerability in the HTTP server's NewServer function, specifically within the http.DefaultServeMux Fallback Handler. This manipulation creates an unintended intermediary, which can lead to the disclosure of sensitive...
RLSA-2026:9689 Important: java-21-openjdk security update
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support (CVE-2026-22007); JDK: Improve Kerberos credentialing (CVE-2026-22013); JDK: Enhance Path Factories Redux (CVE-2026-22016); JDK:...