CVE-2026-20450

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...

CVE-2026-20450

CVE-2026-20450 affects the Modem component. The issue is a crash caused by incorrect error handling, which can lead to remote denial of service if a user equipment connects to a rogue base station controlled by an attacker. No user interaction is required; exploitation is scoped to adjacent acces...

CVE-2026-20449

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

EUVD-2026-26889

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

CVE-2026-20449

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

CVE-2026-20449

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

CVE-2026-20449

CVE-2026-20449 concerns a vulnerability in Modem where a heap buffer overflow can cause a system crash, leading to remote denial of service. Exploitation could occur if a device connects to a rogue base station controlled by an attacker, with no additional execution privileges and no user interac...

CVE-2026-42369 GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...

Malicious Package

Overview @pyme-web/ui-base is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

PT-2026-36768

Name of the Vulnerable Software and Affected Versions MediaTek MT2735 affected versions not specified Description Incorrect error handling in the Modem can cause a system crash. This allows a remote denial of service if a User Equipment UE connects to a rogue base station controlled by an attacke...

PT-2026-36767

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A heap buffer overflow in the system can cause a system crash, potentially leading to a remote denial of service. This occurs if a User Equipment UE connects to a rogue base station controlled ...

Astra Linux – Vulnerability in qtbase-opensource-src

Before Qt 6.4.3, a denial-of-service attack was possible due to a crafted string when using the SQL ODBC driver plugin, especially if the size of SQLTCHAR was 4. The affected versions include 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3...

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gstopusdecparseheader function within gstopusdec.c. The pos array is a stack-allocated buffer of size 64. If nchannels exceeds 64, the for loop will write beyond the...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: cxgb4: Avoid accessing registers when clearing filters. A hardware register that contains the server TID base can contain invalid values when the adapter is in a faulty state for example, due to an AER fatal error. Reading these...

Astra Linux – Vulnerability in Node-Elliptic

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures when the hash contains at least four leading 0 bytes, and when the order of the elliptic curve’s base point is smaller than the hash, due to an truncateToN anomaly. This results in vali...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing the DMACR register The chapter “B Generic UART” in “ARM Server Base System Architecture” 1 describes a generic UART interface. Such a generic UART does not support DMA. In current cod...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k: Handle lock during peerid find The ath12kpeerfindbyid function requires that the caller holds the ab-baselock. Currently, the WBM error path does not hold the lock, and calling that function leads to the following...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: A potential memory leak has been fixed in setupbasectxt. setupbasectxt allocates a memory chunk for uctxt-groups using hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which can lead to a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a null-ptr-deref issue in inode-iop in ntfslookup. Syzbot reported a null-ptr-deref bug: ntfs3: loop0: The sector size of NTFS is 1024, while the media sector size is 512. ntfs3: loop0: Marking the volume as...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver, along with the ad7091r-base driver. These drivers declare iio events to notify user space when ADC readings fall...