Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Unnecessary ofnodeput function removed from felixParseportsnode. The unnecessary ofnodeput function was removed from the continue path to prevent a child node from being released twice, which could lead to resource leak...

Astra Linux - уязвимость в node-body-parser

body-parser is a Node.js body parsing middleware. body-parser version 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue has...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Added a check for the return value of offinddevicebynode. Added a check on the return value of offinddevicebynode, and return an error if it fails, in order to avoid NULL pointer dereferencing...

Astra Linux - уязвимость в db5.3

SQLite3 versions from 3.6.0 through 3.27.2 are vulnerable to heap out-of-bound reads in the rtreenode function when handling invalid rtree tables...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: “power: supply: rk817” – Fixed the node refcount leak. Dan Carpenter reported that the Smatch static checker identified another refcount leak in the probe function. While the ofnodeput function was added in one of the return...

Astra Linux - уязвимость в f2fs-tools

There is an exploitable code execution vulnerability in the fsckchkorphannode functionality of the F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to a heap buffer overflow, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fixed the OF node leak during probe operations. The reference to the sync provider’s OF node during platform device probing is currently only dropped if the setsync callback fails during DAI probe. Make sure tha...

Astra Linux - уязвимость в node-tar

The npm package “tar” also known as node-tar in versions prior to 4.4.16, 5.0.8, and 6.1.7 has vulnerabilities related to arbitrary file creation/overwriting and arbitrary code execution. node-tar aims to ensure that any file whose location would be modified by a symbolic link is not extracted...

Astra Linux – Vulnerability in Node-Elliptic

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: nct7363 A resource leak has been fixed in nct7363presentpwmfanin. When calling parsephandlewithargs, the caller is responsible for calling nodeput to release the reference to the device node. In nct7363presentpwmfanin, thi...

Astra Linux - уязвимость в node-ini

This affects the package ini before version 1.3.6. If an attacker submits a malicious INI file to an application that parses it using ini.parse, they will corrupt the prototype within the application. This can be further exploited depending on the context...

Astra Linux - уязвимость в node-ansi-regex

ansi-regex is vulnerable to inefficient regular expression complexity...

Astra Linux - уязвимость в node-json-schema

JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...

MAL-2026-4665 Malicious code in security-env-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...

Malicious code in axiosqqq (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...

MAL-2026-4418 Malicious code in @pluxee-connect/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...

MAL-2026-4465 Malicious code in @web-3d-tool/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e96a726cf0732113215b2026a7a59fc6bf471f86d34153fea3a0e32b275fb5 @web-3d-tool/sdk is a near-empty package trivial 35-byte index.js, empty author/description metadata whose only effect on install is to pull in a...

MAL-2026-4440 Malicious code in @serviceshub/x-web-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cd81c2623e8f621801dcbfbf7d7eb8745bf702f1d5e85e410872400c7d2eea7 Package ships a trivial index.js module.exports = ; and exists solely to pull a direct-URL tarball dependency at install time. package.json line 9...

Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

Malicious code in cb-wallet-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d076ee3d487c7c10f785494c4391e39eb327b696224d5653746144fa5ac8d37 Package name 'cb-wallet-data' targets a presumed Coinbase-internal namespace and is published by an unaffiliated party. Both postinstall.js npm insta...