Vulnerabilities in Apache HTTP Server

The Apache Software Foundation has addressed several vulnerabilities in Apache HTTP Server. These vulnerabilities concern various modules and functions within Apache HTTP Server. The most serious vulnerability relates to a double-free in the HTTP/2 implementation, which allows an attacker to...

CVE-2026-43870

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

PT-2026-37059

Name of the Vulnerable Software and Affected Versions phoenix versions 1.7.0 through 1.7.21 phoenix version 1.8.6 Description An issue in the long-poll transport's NDJSON body handling allows a denial of service. In the publish/4 function of Elixir.Phoenix.Transports.LongPoll, POST requests with...

PT-2026-36992

Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0 Description Apache Thrift contains multiple issues, including an origin validation error, improper limitation of a pathname to a restricted directory Path Traversal, improper neutralization of CRLF...

Malicious Package

Overview @ozon-complt/split is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: isotp: split the transmission timer into two parts—transmission and timeout. The timer for the transmission of isotp PDUs previously had two functions: 1. sending two consecutive frames with a specified time interval. 2...

Astra Linux - уязвимость в chromium

The incorrect security UI in Split View in Google Chrome prior to version 144.0.7559.59 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

Guests can trigger the reset/abort/crash of the NIC interface through netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux-based network backend by sending certain types of packets. It seems to be an unstated assumption in the rest of the Linux network stack...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed the WARNON message in tracingbuffersmmapclose for split VMA instances. When a VMA is split e.g., through partial munmap or MAPFIXED, the kernel calls vmops-close on each portion of the VMA. For trace buffer mapping...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: Prevent poison consumption when splitting THP When performing memory error injection on a THP Transparent Huge Page mapped to user space on an x86 server, the kernel panics with the following trace. The expected behavior woul...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Do not call mmput from the MMU notifier callback. If the process exits, the mmput call within the MMU notifier callback from compactd, fork, or numa balancing may release the last reference to the mm struct. This can...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt internal limits defined by the maxreadsize and maxwritesize modul...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: Fixed the misuse of mappinglargefoliosupport for anonymous folios. When I conducted a large folio split test, a warning was triggered: “5059.122759T166 Cannot split file folio to non-0 order”. However, the test...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlguestinitafu|adapter. If deviceregister fails in cxlregisterafu|adapter, the device is not added. In this case, deviceunregister cannot be called in the error path. Otherwise, a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: do not clobber swpentryt during THP split The following has been observed when running stressng mmap since commit b653db77350c "mm: Clear page-private when splitting or migrating a page" watchdog: BUG: soft lockup ...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent...

CVE-2026-43031

A flaw was found in the Linux kernel's xilinx axienet network driver. This vulnerability arises from incorrect accounting of Buffer Queue Length BQL, a mechanism that manages network buffer usage, for transmit TX packets that are split across multiple buffer descriptors. If these packet segments...

CLSA-2026-1777591889 Fix CVE(s): CVE-2026-35414

SECURITY UPDATE: incorrect matching of authorizedkeys principals="..." option when a certificate principal name contains a comma character - debian/patches/CVE-2026-35414.patch: split principallist on commas and exact-match each entry instead of passing it to matchlist - CVE-2026-35414...

ALPINE-CVE-2026-31787

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmdvmops defines .close privcmdclose, but neither .maysplit nor .open. When userspace does a partial munmap on a privcmd mapping, the kernel splits the VMA via splitvma. Since...