Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: EFI: In runtime mode, a potential overflow of the size of the soft-reserved region has been fixed. If there are pages worth ≥ 4GB in a soft-reserved region, the value of md_size will be reduced...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: usb: dwc3-am62: fixed the behavior of module unloading and reloading. Since runtime PM is enabled, the module can be suspended during runtime when .remove is called. Use pm_runtime_get_sync to ensure that the module is active befo...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: EFI: Runtime: Avoid EFIv2 runtime services on Apple x86 machines Aditya reports that his recent MacBookPro crashes during firmware updates when variable services are used at runtime. The culprit seems to be a call to...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek – Performing a runtime PM get operation on controllers during probing The mt8183-mfgcfg component has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack:...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tty: serial: ip22zilog: Use platform device for probing. After the commit 84a9582fd203 “serial: core: Start managing serial controllers to enable runtime PM”, serial drivers need to provide a device in the struct uart_port.dev...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe. The ipv6_stub->ipv6_dev_find function may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded). Passing this error pointer to dev_hold will cause a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Counter: rz-mtu3-cnt: prevents the counter from being toggled multiple times The runtime PM counter is incremented/decremented each time the sysfs enable file is written to. If a user writes 0 to the sysfs enable file multiple...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fixed a kernel crash that occurred when hard-resetting the GPU. The GPU hard-reset sequence calls pm_runtime_force_suspend and pm_runtime_force_resume. According to their documentation, these functions should only be...
RLSA-2026:19178 Moderate: crun security update
crun is an OCI runtime. Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option (CVE-2026-30892). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...
PT-2026-42368
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
Amazon Linux 2023 : firewalld, firewalld-filesystem, firewalld-test (ALAS2023-2026-1636)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1636 advisory. A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This...
PT-2026-42180
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...
Malicious code in openirf (PyPI)
Source: amazon-inspector cb17f2c97bd5a4cabcb86b5a51c9639749048f9675b6fa1d881e66d4d8b02958 pyproject.toml lists tdqm as a runtime dependency alongside numpy, scipy, and matplotlib. The package's source code imports tqdm the legitimate...
Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...
CVE-2026-45243
Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...
GHSA-7XPR-HC2W-34M9 Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...
ai.looktech.ltrpc.schema:app-server (>=1.0.2 <=2.5.0), ai.looktech.ltrpc.schema:bt-app (=1.0.1) +488 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=1.0.0 <=6.2.0)
com.squareup.wire:wire-runtime MAVEN version =1.0.0, =1.0.2, =1.0.2, =0.0.1, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.7.24 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...
com.squareup.wire:wire-grpc-client (=7.0.0-alpha01), com.squareup.wire:wire-schema (=7.0.0-alpha01) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (=7.0.0-alpha01)
com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01 is affected by a known vulnerability. The following packages have a transitive dependency on com.squareup.wire:wire-runtime and may be impacted: - com.squareup.wire:wire-grpc-client =7.0.0-alpha01 - com.squareup.wire:wire-schema...