Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: perf: Fix for event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred until the target task resumes in user space through taskwork. However, failures during the process of adding an event’s...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Release MR restrack when delete The MR restrack also needs to be released when delete it, otherwise it cause memory leak as the task struct won't be released...

Astra Linux - уязвимость в chromium

The use of “after free” in Blink Task Scheduling in Google Chrome before version 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: A use-after-free issue has been fixed for aborted TMF sastask instances. Currently, a use-after-free might occur if a TMF sastask is aborted before we handle the I/O completion in mpisspcompletion. The abort occurs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Remove the “crit lock” mechanism Removing the “crit lock” mechanism frees us from the error-prone logic of using trylocks. Thanks to netdevlock by Jakub, this is now easier, and in most cases we were already protected by it...

CVE-2026-31733

A flaw was found in the Linux kernel's schedext component. The scheduler's direct dispatch state ddspdsqid was not consistently cleared across all execution paths. This oversight could leave the system in an incorrect state, leading to spurious warnings and unexpected behavior during task dispatc...

CVE-2026-31734

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...

CVE-2026-31734

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...

EUVD-2026-26547

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...

PT-2026-36369

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sched ext component where the is bpf migration disabled function produces a false negative on systems where CONFIG PREEMPT RCU is disabled. This occurs because the...

CVE-2026-7419

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

CVE-2026-7419 UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

CVE-2026-7419

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

EUVD-2026-26297

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

GHSA-44V6-JHGM-P3M4 n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

CVE-2026-7424 Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service permanent IP task freeze requiring hardware reset ...

PT-2026-36021

Name of the Vulnerable Software and Affected Versions UTT HiPER 1250GW versions prior to 3.2.7-210907-180535 Description A buffer overflow occurs in the strcpy function within the 'route/goform/formTaskEdit ap' file. This issue is triggered by the manipulation of the Profile argument, allowing fo...

[20260516] - Core - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

UTT HiPER 1250GW 缓冲区错误漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation involving the parameter “Profile” in the function strcpy within the file...