Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwl3945: Added a check for the return value of create_singlethread_workqueue to avoid NULL pointer dereferencing...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel’s implementation of string matching within packets. A privileged user with root or CAP_NET_ADMIN status can insert rules into iptables, and this action may cause the system to panic. The issue affects kernels prior to version 5.5-rc1...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: USB: Fixed various issues related to devices connected via 10Gbps cables. The function usb_assign_descriptors is called with 5 parameters. The last 4 of these parameters represent USB descriptor headers for the following speeds: -...
Astra Linux – Vulnerability in exim4
Exim: Improper Neutralization of Special Elements Leading to Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected Exim installations. Authentication is not required to exploit this vulnerability. The specific flaw resides within the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Hub – Protection against access to uninitialized BOS descriptors. Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields within udev->bos without checking whether they have been allocated and...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mm/mremap.c: Avoid unnecessary calls to invalidate_range_start/invalidate_range_end when using mremap with old_size=0. If the mremap system call with old_size=0 ends up in move_page_tables, it will unnecessarily call...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fixed a null pointer dereferencing in of_syscon_register. The kasprintf function returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-mpmu: Fixed the issue where a NULL value was returned instead of an IS_ERR pointer. The devm_kzalloc function now returns NULL if there is an error, rather than an error pointer. The check has been updated to matc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Networks: WWAN: IOSM: Fixed a memory leak in ipc_wwan_dellink. The IOSM driver registers network devices without setting the needs_free_netdev flag. Additionally, it does not call free_netdev when unregistering the network device,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk. The line “dev_dbg(&urb->dev->dev, …” occurs after the function usb_free_urb(urb). This is a use after free of the “urb” pointer. To avoid this issue, store the “dev” pointer at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed memory leaks and NULL dereferencing in smb2_lock. smb2_lock has three error handling issues after list_del detaches smb_lock from lock_list at no_check_cl: 1) If vfs_lock_file returns an unexpected error in the non-UNLOCK...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm: A crash occurs if blk_alloc_disk fails. If blk_alloc_disk fails, the variable md->disk is set to an error value. cleanup_mapped_device will notice that md->disk is non-NULL and will attempt to access it, causing a crash at the line...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Fixed a crash that occurs when switching to switchdev mode. When switching to switchdev mode if the device does not support IPsec, we attempt to clean up the IPsec resources, which causes a crash. This issue is fixed...
Astra Linux – Vulnerability in Tomcat9
When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...
Fedora 45 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-e212182e6e)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-e212182e6e advisory. nginx-mod-brotli: - Rebuild for 1.30.3 nginx-mod-fancyindex: - Rebuild for 1.30.3 nginx-mod-modsecurity: - Rebuild for 1.30.3 nginx-mod-headers-more...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]
Summary: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
GHSA-R253-R9JW-QG44
creationtimestamp | type | source
---|---|---
2026-06-18 18:41:53+00:00 | seen | https://gist.github.com/alon710/41babc051db96b1507f3fb804d7012be
2026-06-18 18:51:38+00:00 | seen | https://gist.github.com/alon710/3807d480d537cf9538209dc130bd58ae
2026-06-18 19:02:49+00:00 | seen | ...
WordPress Classified Listing – AI-Powered Classified ads & Business Directory plugin <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability discovered by Ben Tamam in WordPress Plugin Classified Listing versions <= 5.4.2...
EUVD-2026-37763
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent...
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername...