Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: afunix: Give up GC if MSGPEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSGPEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005646 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-races around user-unixinflight. user-unixinflight is changed under...

did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.30.4) +7 more potentially affected by CVE-2026-27932 via joserfc (>=1.0.0 <=1.6.1)

joserfc PYPI version =1.0.0, =1.0.0, =1.0.5, =2.1.1, =3.0.2, =0.21.2, =0.6.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: SNYK:PYTHON-JOSERFC-15369129...

CVE-2026-26214

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...

CVE-2026-26214

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the GalaxyFDSClientImpl.createHttpClient function. An attacker can intercept and modify communications by performing a man-in-the-middle attack when TLS hostname verification ...

CVE-2026-26214

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...

CVE-2026-26214

The CVE describes a TLS hostname verification flaw in Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android)

CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...

CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...

galaxy-fds-sdk-android 安全漏洞

Galaxy-FDS-SDK-Android is an open-source developer toolkit developed by Xiaomi for storing file data on Xiaomi devices. Versions of Galaxy-FDS-SDK-Android 3.0.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS hostname verification when HTTPS is...

PT-2026-7854

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW ALL HOSTNAME VERIFIER, which...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992674 advisory. In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on closerange with CLOSERANGEUNSHARE copyfdbitmapsnew, old, count is expect...

did-sdk-python (>=1.0.0 <=1.1.3), fds-sdk-utils (>=2.1.1 <=2.1.3) +4 more potentially affected by CVE-2025-65015 via joserfc (>=1.0.0 <=1.2.2)

joserfc PYPI version =1.0.0, =1.0.0, =2.1.1, =3.0.2, =0.21.2, =0.6.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2025-65015 Source advisory: SNYK:PYTHON-JOSERFC-14052498...

EUVD-2014-1138

Malware in sbrugna...

EUVD-2023-59804

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-53172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FSIOCENABLEVERITY on mode 3 fds Commit 56124d6c87fd fsverity: support...

CVE-2023-53204

CVE-2023-53204 affects the Linux kernel af_unix subsystem. The root cause is a data race on the unix_inflight field: user-&gt;unix_inflight is modified under spin_lock(unix_gc_lock), while too_many_unix_fds() reads it locklessly, enabling a race between unix_attach_fds and the unix_inflight acces...

CVE-2023-53204 af_unix: Fix data-races around user->unix_inflight.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-races around user-unixinflight. user-unixinflight is changed under spinlockunixgclock, but toomanyunixfds reads it locklessly. Let's annotate the write/read accesses to user-unixinflight. BUG: KCSAN: data-race in...

DEBIAN-CVE-2023-53172

In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FSIOCENABLEVERITY on mode 3 fds Commit 56124d6c87fd "fsverity: support enabling with tree block size fmode & FMODEREAD' in kernelread became reachable by fuzz tests. This happens if FSIOCENABLEVERITY is called on...