Astra Linux – Vulnerability in WebKit2GTK

Integer overflow has been addressed through improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, and visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox

Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs in Firefox 95. Some of these bugs exhibited signs of memory corruption, and we believe that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved restrictions. This issue is fixed in iOS 16.6, iPadOS 16.6, watchOS 9.6, tvOS 16.6, and macOS Ventura 13.5. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in pyyaml

A vulnerability was discovered in the PyYAML library in versions prior to 5.4. In these versions, the library is susceptible to arbitrary code execution when it processes untrusted YAML files using the fullload method or the FullLoader loader. Applications that use this library to process untrust...

Astra Linux – Vulnerability in exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, and tvOS 17.1. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox

When Web Render components were destroyed, a race condition could lead to undefined behavior. We assume that with sufficient effort, this vulnerability could be exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88.0.1, as well as Firefox for Android...

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the eval function in the LambdaFilterComponent component. An attacker can execute arbitrary...

Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

...

MiracleLinux 9 : python3.12-3.12.12-4.el9_7.3 (AXSA:2026-519:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-519:12 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

FreeBSD : Mozilla -- Memory safety bugs (e4a08820-470d-11f1-be75-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e4a08820-470d-11f1-be75-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2028537%2C2029911%2C2031121%2C2033602 reports: Memory...

RHEL 8 : OpenEXR (RHSA-2026:12338)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12338 advisory. OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package...

Debian dsa-6239 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6239 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6239-1 [email protected]...

RHEL 8 : OpenEXR (RHSA-2026:12339)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12339 advisory. OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package...

RHEL 8 : OpenEXR (RHSA-2026:12341)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12341 advisory. OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package...

RHEL 10 : libtiff (RHSA-2026:12265)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:12265 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitra...

CVE-2026-31730

A flaw was found in the Linux kernel's fastrpc component that could lead to a denial of service DoS or potentially arbitrary code execution. This memory corruption vulnerability, specifically a double-free, occurs when the cctx-remoteheap memory is freed twice due to an error handling issue in th...

[SECURITY] [DLA 4559-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4559-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 01, 2026 https://wiki.debian.org/LTS -...

CVE-2026-43049

A flaw was found in the Linux kernel's logitech-hidpp driver. When the force feedback initialization fails for the Logitech G920 Driving Force Racing Wheel, the driver returns an error before properly tearing down userspace infrastructure. This can lead to a use-after-free UAF vulnerability if...

CVE-2026-43047

A flaw was found in the Linux kernel's Human Interface Device HID multitouch subsystem. A malicious or improperly configured HID device can respond to a feature request with an incorrect report ID. This confusion in the HID core can lead to out-of-bounds writes, potentially allowing a local...