Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fixed a crash that occurs during unbinding if the gpio unit is in use. We used the wrong device for the functions that manage devices. We used the USB device, when we should have used the interface device. If we...

Astra Linux - уязвимость в openvswitch

A flaw was discovered in OpenVSwitch OVS. When processing an IP packet with protocol 0, OVS will install a datapath flow without modifying the IP header. This issue results in the installation of a datapath flow that matches all IP protocols with “nwproto” set to wildcard, but with an incorrect...

Astra Linux - уязвимость в firefox, thunderbird

Malicious websites could have caused Firefox to display the wrong origin when requesting the launch of a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtrendpointpost Syzbot reported a slab-out-of-bounds Read in qrtrendpointpost. The problem was with the wrong sizetype: if len != ALIGNsize, 4 + hdrlen goto err; If the size from qrtrhdr is 4294967293...

Astra Linux - уязвимость в curl

Due to the use of a dangling pointer, libcurl versions 7.29.0 through 7.71.1 can use the wrong connection when sending data...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mm/vmscan: fixed a bug where wakeupkswapd was called with an incorrect zone index. When numa balancing is enabled, and a numa system is running where a numa node does not have its own local memory and thus no managed zones, th...

Astra Linux - уязвимость в linux

The arch/x86/kvm/mmu/pagingtmpl.h file in the Linux kernel before version 5.12.11 incorrectly calculates the access permissions of a shadow page, resulting in a missing guest protection page fault...

Astra Linux - уязвимость в apache2

A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for the execution of CGI scripts under an unexpected userid. Users who have access to use the RequestHeader directive in htaccess can exploit this vulnerability. This issue affects Apache HTTP Server versions 2.4....

Astra Linux - уязвимость в firefox, thunderbird

A phishing website could have re-used an about: dialog box to display phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox 122 and Thunderbird 115.7...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: lltemac: The function platformgetresource was replaced with the function devmplatformioremapresourcebyname. This function is called using 0 as the name. Eventually, this leads to a call to platformgetresourcebyname in the ca...

Not What You Asked For: Typographic Attacks in Household Robot Manipulation

Open-vocabulary embodied AI agents increasingly rely on vision-language models such as CLIP for object perception and task grounding. However, the shared embedding space that enables this flexibility introduces a structural vulnerability to typographic attacks, where printed text in a physical...

CVE-2026-44678

Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...

PT-2026-41127

Name of the Vulnerable Software and Affected Versions Tuist versions prior to 1.180.9 Description The "DELETE /api/projects/account handle/project handle/previews/preview id" endpoint loads a preview by its UUID without verifying that the preview belongs to the project resolved from the URL path...

EUVD-2026-29924

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

CVE-2026-5773 wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

CVE-2026-5773 wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

CVE-2026-5773

CVE-2026-5773 affects libcurl and involves a logical error in the SMB connection reuse pool. The code could reuse an existing SMB connection to the same server but with a different share, potentially causing the wrong file to be downloaded or a file to be uploaded to the wrong location, while cre...

CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...