GHSA-VGHX-352F-93JM nimiq-blockchain: Genesis batch set request

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates backwards through macro blocks using Policy::macroblockbefore. When it reaches the genesis block number, macroblockbefore panics...

CVE-2026-39461

libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...

tenda-hg10-voip-other-set-stack-overflow

Tenda HG10 Stack-based Buffer Overflow Vulnerability Summa...

PT-2026-42671

Name of the Vulnerable Software and Affected Versions Nimiq versions prior to 1.5.0 Description A remote peer can cause a full node to crash by sending a RequestBatchSet message that includes the hash of the genesis block. This occurs because the handler invokes the get epoch chunks function, whi...

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path

The Qualys Threat Research Unit TRU has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: exfat: Check whether the cluster number is valid. Syzbot reported a slab-out-of-bounds read in exfatclearbitmap. This issue was triggered when the reproducer called truncute with a size of 0, resulting in the following error...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: skip end interval element from gc Lazy garbage collection for rbtree during insertions may collect end interval elements that have just been added during these transactions. These elements are skipped, as...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation The outer nesting of ETHTOOLASTRSETSTRINGSETS is not taken into account. This may result in ETHTOOLMSGSTRSETGET generating a warning like this: “Calculated message payload length 68...

Astra Linux - уязвимость в ffmpeg, ffmpeg5

FFmpeg v.n6.1-3-g466799d4f5 allows for an over-reading of the buffer at ffgradfunblurlinemovdqasse2, as demonstrated by a call to the setencoderid function in the /fftools/ffmpegenc.c component...

Astra Linux - уязвимость в xterm

With Patch 370, xterm enables Sixel support. When this is enabled, attackers can exploit a buffer overflow in the setsixel function in graphicssixel.c by using crafted text...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: led: qcom-lpg: Fixed sleeping in atomic operations The lpgh brightnessset function can enter a sleeping state, while the led’s brightnessset callback must be non-blocking. The LPG driver should use brightnesssetblocking instea...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fixed a memory leak in the setmempolicyhomenode system call. When encountering any virtual memory area vma with a policy other than MPOLBIND or MPOLPREFERREDMANY, an error is returned without issuing a mpolput...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed a memory leak in setsspcomplete. A memory leak was fixed in setsspcomplete, where the mgmtpendingcmd structures are not freed after they are removed from the pending list. Commit 302a1f674c00 “Bluetooth:...

Astra Linux – Vulnerability in Flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btmtksdio: Fixed a kernel oops in btmtksdiointerrupt. Fixed the following kernel oops in btmtksdiointerrrupt: 14.339134 btmtksdiointerrupt+0x28/0x54 14.339139 processsdiopendingirqs+0x68/0x1a0 14.339144...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: cifs: preventing incorrect output lengths in smb2ioctlqueryinfo When calling smb2ioctlqueryinfo with smbqueryinfo::flags=PASSTHRUFSCTL and smbqueryinfo::outputbufferlength=0, the following value of 0x10 will be returned. c buffer...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Do not offline the last non-isolated CPU. If a system has isolated CPUs via the “isolcpus=” command-line parameter, then attempting to offline the last housekeeping CPU will result in a WARNON message when rebuilding...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: In the fbdev subsystem, within the vt8623fb function, there is a issue where the value of screensize is calculated based on user input. If an improper value is provided by the user, the value of screensize may be larger than...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: exfat: Fixed a reference count leak in exfatfind. Fixed reference count leaks related to exfatgetdentryset in exfatfind. The function exfatgetdentryset would increment the reference counter of es-bh on success. Therefore,...