Astra Linux – Vulnerability in docker.io-app

Moby version 25.0.3 has a race condition vulnerability in the StreamFormatter package. This vulnerability can be exploited to trigger multiple concurrent write operations, leading to data corruption or application crashes...

Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier

Question Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform...

PT-2026-49579

Name of the Vulnerable Software and Affected Versions Electron versions 42.3.1 through 42.3.2 Description Incorrect byte length calculations in the Node.js Buffer API cause heap underflow or overflow, which can lead to memory corruption or application crashes. This issue may result in incorrect...

CVE-2026-6811

A flaw was found in the MongoDB PHP driver. This stack exhaustion vulnerability can lead to application crashes when the driver processes deeply nested BSON Binary JSON documents. This can occur in unusual circumstances when the BSON documents originate from a source other than a MongoDB server,...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the extractanimvalue function of the Half-Life 1 MDL Loader component when processing the num.total argument. An attacker can achieve arbitrary code execution or cause application crashes by supplying...

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from the use of a uint16t counter for xappid assignment, but the counter is stored in a uint32t field. As a result of this counter...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

Hitachi Energy HiDraw 安全漏洞

Hitachi Energy HiDraw is a power transformer design software developed by Hitachi Corporation in Japan. Hitachi Energy HiDraw contains a security vulnerability caused by a heap buffer overflow. This vulnerability could allow malicious users with local access to cause memory corruption and potenti...

Use After Free

Electron is vulnerable to Use After Free. The vulnerability is due to improper handling of child windows in offscreen rendering mode after the parent WebContents is destroyed, which allows an attacker to trigger memory corruption or application crashes through crafted child window interactions...

MongoDB PHP Driver 安全漏洞

The MongoDB PHP Driver is an open-source driver developed by MongoDB for PHP applications, enabling connection to MongoDB databases. The MongoDB PHP Driver has a security vulnerability that stems from a stack overflow issue when processing deeply nested BSON documents, which may lead to applicati...

Qt SVG 安全漏洞

Qt SVG is a graphics processing module developed by the Qt company. Versions of Qt SVG from 6.7.0 to 6.8.8, as well as versions from 6.9.0 to 6.11.1, have security vulnerabilities. These vulnerabilities stem from type confusion during the processing of SVG markup references, which may lead to...

[SECURITY] Fedora 44 Update: kf6-kcrash-6.25.0-1.fc44

KCrash provides support for intercepting and handling application crashes...

Denial Of Service (DoS)

Electron is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of invalid clipboard image data leading to unchecked null bitmap usage, which allows an attacker to cause application crashes when malformed image data is processed...

Use After Free

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the powerMonitor function. An attacker can cause memory corruption or application crashes by triggering...

CVE-2026-3778

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities arise from failing to detect or prevent...

LibVNCServer 缓冲区错误漏洞

LibVNCServer is a cross-platform C language library developed by LibVNC, which supports implementing VNC Virtual Network Computing server or client functions within programs. Versions of LibVNCServer prior to 0.9.15 contain a buffer error vulnerability. This vulnerability stems from heap...

Integer Overflow or Wraparound

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Denial-of-Service (DoS)

jsPDF is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unvalidated image dimensions in the addImage and html methods, where attacker-controlled BMP images with excessively large width or height values trigger excessive memory allocation, leading to out-of-memory errors and...

UltraVNC Launcher 安全漏洞

UltraVNC Launcher is a launcher for the remote control software developed by UltraVNC Corporation. Version 1.2.4.0 of UltraVNC Launcher contains a security vulnerability, which stems from improper handling of the relay host configuration fields, potentially leading to application crashes...