273 matches found
Astra Linux – Vulnerability in imagemagick
The PALM image coder in coders/palm.c makes an improper call to AcquireQuantumMemory in the routine WritePALMImage. This call requires an offset of 256 bytes. This could lead to an out-of-bounds read later in the routine. The patch adds 256 bytes to bytesperrow in the call to AcquireQuantumMemory...
Astra Linux – Vulnerability in imagemagick
In GammaImage of /MagickCore/enhance.c, depending on the gamma value, it is possible for a divide-by-zero condition to occur when a specially crafted input file is processed by ImageMagick. This could affect the availability of the application. The patch uses PerceptibleReciprocal to prevent such...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017557)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017557 advisory. A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in t...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017551)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017551 advisory. The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017569)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017569 advisory. A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017571 advisory. A floating point math calculation in ScaleAnyToQuantum of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick in the coders/txt.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned long long. This likely leads to a disruption in the application’s...
Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues. The following security issues were fixed: CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger bsc1258396. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy managemen...
MiracleLinux 3 : drupal-6.8-2AXS3 (AXSA:2009-68:02)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-68:02 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a...
MiracleLinux 4 : libarchive-2.8.3-3.AXS4 (AXSA:2012-68:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-68:01 advisory. Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several...
CVE-2022-31875
Trendnet IP-110wn camera fwtv-ip110wnv21.2.2.68 has an XSS vulnerability via the proname parameter in /admin/scheprofile.cgi...
CVE-2024-34478
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of...
CVE-2025-66270
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...
Malicious code in alvino-68 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 622b2f3bc6c9bbd2e0298b450ef73e1a5869938cd6dcb19881027adbf90f6bc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in billa-68 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b58836bf0b647d6bb4fc51b806b3aeb5ef4505df41a4c5270f724abd6cb8e69 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rita-68 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc29647acf413c219e727ab530e44d7df47b97b76ed941bacb3aebe655edb09d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bitha-68 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f959849a4e6a02228da8cf31644efeae0a045630af1c5d48fff413717d78cb32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-68 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7790ed6d2aecb1fb7abcd89bb5c4d8511ccd72f3e7a89e7e55d6f6086edc482e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aril-68 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2147c6be0e3285f07cdd019df166d7b17341b3f4aa4af07782901aad8985e14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvira-68 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6455278cdff6eff9cf0a8f0eb772762bf64bc988c3f28fc084aa1e251e40a035 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...