Astra Linux - уязвимость в edk2

EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability...

CVE-2026-31449

The CVE-2026-31449 entry concerns the Linux kernel ext4 extent code. A vulnerability was fixed in ext4_ext_correct_indexes where path[k].p_idx could point outside the valid index range if the on-disk eh_entries were corrupted, causing a slab-out-of-bounds read. The fix validates path[k].p_idx aga...

CVE-2025-47392

Memory corruption when decoding corrupted satellite data files with invalid signature offsets...

EUVD-2025-209230

Memory corruption when decoding corrupted satellite data files with invalid signature offsets...

CVE-2025-47392

Memory corruption when decoding corrupted satellite data files with invalid signature offsets...

CVE-2026-0954

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

CVE-2026-0954 Out-Of-Bounds Write When Opening a Corrupt DSB File in Digilent DASYLab

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

CVE-2026-0954 Out-Of-Bounds Write When Opening a Corrupt DSB File in Digilent DASYLab

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

Digilent DASYLab 安全漏洞

Digilent DASYLab is a graphical data acquisition and application development platform developed by Digilent, Inc. There is a security vulnerability in Digilent DASYLab, which stems from out-of-bound writing when loading corrupted DSB files. This vulnerability may lead to information leakage or th...

go-git 安全漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.16.5 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of data integrity values in the .pack and .idx files, which could lead to errors when...

CVE-2025-71116

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

CVE-2025-71116 libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

Denial Of Service (DoS)

org.jenkins-ci.main, jenkins-core is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling and closure of corrupted HTTP-based CLI connection streams, which allows an unauthenticated attacker to trigger a denial of service by sending malformed or corrupted connection...

CVE-2025-40312 jfs: Verify inode mode when loading from disk

In the Linux kernel, the following vulnerability has been resolved: jfs: Verify inode mode when loading from disk The inode mode loaded from corrupted disk can be invalid. Do like what commit 0a9e74051313 "isofs: Verify inode mode when loading from disk" does...

EUVD-2021-13190

Malware in sbrugna...

EUVD-2001-0906

Malware in sbrugna...

EUVD-2022-6473

Malicious code in bioql PyPI...

CVE-2025-58058 github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

OESA-2025-1503 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent...

CVE-2024-38797

EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability...