273 matches found
Astra Linux - vulnerability in imagemagick
The PALM image coder in coders/palm.c makes an improper call to AcquireQuantumMemory in the routine WritePALMImage. This call requires an offset of 256 bytes. This could lead to an out-of-bounds read later in the routine. The patch adds 256 bytes to bytesperrow in the call to AcquireQuantumMemory...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017569)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017569 advisory. A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017551)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017551 advisory. The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017571 advisory. A floating point math calculation in ScaleAnyToQuantum of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017557)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017557 advisory. A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in t...
Astra Linux - vulnerability in imagemagick
In GammaImage of /MagickCore/enhance.c, depending on the gamma value, it is possible for a divide-by-zero condition to occur when a specially crafted input file is processed by ImageMagick. This could affect the availability of the application. The patch uses PerceptibleReciprocal to prevent such...
Astra Linux - vulnerability in imagemagick
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but...
Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues. The following security issues were fixed: CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger bsc1258396. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy managemen...
MiracleLinux 4 : libarchive-2.8.3-3.AXS4 (AXSA:2012-68:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-68:01 advisory. Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several...
MiracleLinux 3 : drupal-6.8-2AXS3 (AXSA:2009-68:02)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-68:02 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a...
CVE-2022-31875
Trendnet IP-110wn camera fwtv-ip110wnv21.2.2.68 has an XSS vulnerability via the proname parameter in /admin/scheprofile.cgi...
CVE-2024-34478
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of...
CVE-2025-66270
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...
MAL-2025-164942 Malicious code in rita-68 (npm)
Source: amazon-inspector (dc29647acf413c219e727ab530e44d7df47b97b76ed941bacb3aebe655edb09d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvira-68 (npm)
Source: amazon-inspector (6455278cdff6eff9cf0a8f0eb772762bf64bc988c3f28fc084aa1e251e40a035). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in billa-68 (npm)
Source: amazon-inspector (7b58836bf0b647d6bb4fc51b806b3aeb5ef4505df41a4c5270f724abd6cb8e69). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155676 Malicious code in hariyono-68 (npm)
Source: amazon-inspector (2fb30eabdc2ea008ee9f7f637bdfd247b847b1177681c85ac4123e7c12057476). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rita-68 (npm)
Source: amazon-inspector (dc29647acf413c219e727ab530e44d7df47b97b76ed941bacb3aebe655edb09d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154100 Malicious code in cinta-68 (npm)
Source: amazon-inspector (7790ed6d2aecb1fb7abcd89bb5c4d8511ccd72f3e7a89e7e55d6f6086edc482e). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-68 (npm)
Source: amazon-inspector (7790ed6d2aecb1fb7abcd89bb5c4d8511ccd72f3e7a89e7e55d6f6086edc482e). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...