Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Fuse: Fix for the deadlock caused by reclaimeduring. The commit e26ee4efbc79 “Fuse: Allocate ff-releaseargs only if release is needed” avoids allocating ff-releaseargs if the server does not implement open. However, in doing so,...

Auditing Apple'S DifferentialPrivacy.Framework: Implementation Bugs, Misconfigurations, and Practical Risks

Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy DP. Apple's DifferentialPrivacy.framework is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes...

bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl CVE-2009-2625, CVE-2012-0881, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2009-2625 DESCRIPTION: XMLScanner.java in Apache Xerces2...

[SECURITY] Fedora 44 Update: pypy-7.3.22-2.fc44

PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc This build of PyPy has JIT-compilation enabled...

darksword-Exploit

🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...

SUSE CVE-2026-8556

Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

Chromium: CVE-2026-8585 Inappropriate implementation in Media

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8584 Inappropriate implementation in Views

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8565 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-8454 Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The...

CVE-2026-8586

An inappropriate implementation flaw was found in the Chromoting component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499154022...

CVE-2026-8565

An inappropriate implementation flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=442860473...

CVE-2026-8556

An inappropriate implementation flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500052361...

[SECURITY] Fedora 44 Update: rust-rpm-sequoia-1.10.2-2.fc44

An implementation of the RPM PGP interface using Sequoia...

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

CVE-2026-8584

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8585

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-30405

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-30470

Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...