EUVD-2026-37769

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not properly handled in lpfcgetsfpinfo, and the routine unconditionally frees the submitted mailbox commands, regardless of the return status. Th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mpblk: Add fdcc clock to hdmimix domain According to the i.MX8MP RM and HDMI specifications, the fdcc clock is part of the HDMI RX verification IP. This clock should not be enabled for HDMI TX...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fixed handling of connection failures In cases where immediate MPA Media Plane API request processing fails, the newly created endpoint unlinks from the listening endpoint and becomes ready to be dropped. This special...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: hisilicon: Added multi-thread support for DMA channels. When a DMA channel is obtained and tried to be used across multiple threads, it can lead to errors and cause the system to hang. bash % echo 100...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to handle the command operation. If the main thread detects that the task has tim...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Improved robustness of audit queue handling If the audit daemon becomes stuck in a stopped state, the kauditdthread function in the kernel might get blocked while attempting to send audit records to the audit daemon in the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: Staging: rtl8192eu: Fixed a deadlock in rtwjoinbsseventprehandle. There is a deadlock in rtwjoinbsseventprehandle, as shown below: Thread 1 | Thread 2 | settimer rtwjoinbsseventprehandle | modtimer spinlockbh //1 | Wait...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: wl1251 – Fixed a memory leak in wl1251txwork. The skb packet dequeued from txqueue is lost when the wl1251pselpwakeup function fails with an -ETIMEDOUT error. This issue was fixed by re-queuing the skb packet back into...

Astra Linux – Vulnerability in Xen

Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Anonymous sets are never used with a timeout flag from the user space; this behavior should be rejected. An exception to this rule is when using NFTSETEVAL, to ensure that legacy metering mechanisms continue ...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: mailbox: bcm2835: Fixed timeout during suspend mode During the noirq suspend phase, the Raspberry Pi power driver experiences firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40248)

In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...

CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

CVE-2026-6733

Undici’s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes; when the client issues the next request on that socket, the injected r...

CVE-2025-62340

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...

CVE-2025-62340

The CVE affects HCL iControl and describes an Inadequate Session Timeout vulnerability in which a web application does not terminate user sessions after inactivity. Based on the provided data, the issue is categorized with CVSS v3.1 base score 3.1 (LOW) and a network attack vector with high attac...

EUVD-2026-37012

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

CVE-2026-45416 Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

CVE-2026-47197

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...