Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Do not hold the layoutget locks across multiple RPC calls When performing layoutget as part of the open compound, we must be careful to release the layout locks before calling any further RPC calls, such as setattr. The...

Astra Linux – Vulnerability in Linux

In the pfkeydump of afkey.c, there is a potential out-of-bounds read due to a missing bounds check. This could lead to the disclosure of local information within the kernel, which requires System execution privileges. User interaction is not required for exploitation. Product: Android. Versions:...

Astra Linux – Vulnerability in exuberant-ctags

A flaw was discovered in Exuberant Ctags regarding its handling of the "-o" option. This option specifies the tag filename. A specially crafted tag filename, specified either in the command line or in the configuration file, can lead to arbitrary command execution. This occurs because the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid accessing uninitialized curseg. The syzbot reports the following f2fs bug: F2FS-fs loop3: The filesystem stopped due to the reason: 7. kworker/u8:7: Attempt to access beyond the end of the device. Bug: Unable...

Astra Linux – Vulnerability in WebKit2GTK

This issue has been addressed through improved enforcement of iframe sandboxing policies. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policies...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the MagickCore/visual-effects.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A NULL pointer dereference flaw was discovered in dbFree in the fs/jfs/jfsdmap.c file of the Journaling File System JFS within the Linux kernel. This issue may allow a local attacker to cause the system to crash due to a missing sanity check...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock issue with buffermutex and mmaplock syzbot detected a potential deadlock between the PCM’s runtime-buffermutex and the mm-mmaplock. This issue arose due to the recent fix related to racy...

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds access vulnerability, caused by an unsanitized attribute length in ntfs inodelookupbyname, in NTFS-3G 2021.8.22...

Astra Linux – Vulnerability in connman

A issue was discovered in the DNS proxy of Connman through version 1.40. The forwarddnsreply function improperly handles a strnlen call, resulting in an out-of-bounds read...

Astra Linux – Vulnerability in Keepalived

In Keepalived versions up to 2.2.4, the D-Bus mechanism does not sufficiently restrict the destination of messages, allowing any user to inspect and manipulate any property. This leads to bypasses of access controls in some situations, where a unrelated D-Bus system service has a settable writabl...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid potential panic during recovery. During recovery, if FAULTBLOCK is enabled, it is possible that f2fsreservenewblock will return -ENOSPC during recovery, which may trigger a panic. Additionally, if the faul...

Astra Linux – Vulnerability in udisks2

A vulnerability has been discovered in udisks2. This flaw allows an attacker to submit a specially crafted image file/USB, resulting in kernel panic. The greatest threat posed by this vulnerability is to system availability...

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s Bluetooth subsystem. In this flaw, users can simultaneously call the connect and disconnect functions on the socket, leading to a race condition. This flaw may cause the system to crash or allow an escalation of privileges. The most...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: NFS: Do not corrupt the value of pgbyteswritten in nfsdorecoalesce The value of mirror-pgbyteswritten should only be updated after a successful attempt to flush out the requests on the list...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multip...

CVE-2026-12460

An insufficient policy enforcement flaw was found in the File System Access component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517484284...

CVE-2026-12044

A flaw was found in pgAdmin 4. An authenticated user with specific permissions could exploit a SQL injection vulnerability by submitting a crafted description field in various dialog templates. This could allow the user to execute arbitrary SQL commands, potentially leading to arbitrary operating...