4651 matches found
Astra Linux - уязвимость в ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was detected within the smsdecodeaddressfield function during the SMS PDU decoding process. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, ...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: NFSD: prevented underflow in nfssvcdecodewriteargs Smatch reported the issue as follows: fs/nfsd/nfsxdr.c:341 nfssvcDecodeWriteArgs Warning: no lower bound on ‘args-len’ The type of the variable has been changed to unsigned to...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: Added protection against bmp length being out of range. The UBSAN load reports an exception due to bitwise shifts that are out of bounds for their data type. For example: vmlinux getbitmapb=75 + 712...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: ceph: Avoid putting the realm twice when decoding snaps fails. When decoding snaps fails, it may leave the firstrealm and realm pointing to the same snaprealm memory. Doing this twice could lead to random use-after-free issues,...
Astra Linux - уязвимость в ffmpeg5
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, there is a potential security vulnerability due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: fixed NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has a regression starting from 6.18-rc1. There is an issue in cephmdsauthmatch if fsname is NULL: c const char fsname =...
Astra Linux - уязвимость в libpng1.6
A issue has been identified in third-party PNM decoding related to libpng 1.6.35. It is a stack-based buffer overflow in the gettoken function located in the pnm2png.c file within pnm2png...
Astra Linux - уязвимость в openh264
OpenH264 is a free license codec library that supports H.264 encoding and decoding. A vulnerability in the decoding functions of the OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability arises from a race condition between the Sequen...
Astra Linux - уязвимость в libsdl1.2, libsdl2
SDL Simple DirectMediaLayer from version 1.2.15 to 2.x, and from version 2.0.9 to 2.0.9, has a heap-based buffer overflow issue in the MSADPCMDecode function within audio/SDLwave.c...
Astra Linux - уязвимость в openimageio
There is a heap-based buffer overflow vulnerability in the tile decoding code of the TIFF image parser in OpenImageIO’s master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can lead to out-of-bounds memory corruption, which may result in arbitrary code execution. An attacker can...
Astra Linux - уязвимость в libde265
Libde265 v1.0.8 was discovered to contain an unknown crash via ffhevcputhevcqpelh3v3sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted video file...
Astra Linux - уязвимость в netty
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. Before version 4.1.59.Final, there was a vulnerability on Unix-like systems involving an insecure temporary file. When Netty’s...
Astra Linux - уязвимость в firefox, thunderbird
A out-of-bounds read can occur during the decoding of H264 videos. This can lead to a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Astra Linux - уязвимость в ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodedeliver function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS. There i...
Astra Linux - уязвимость в ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was triggered within the decodesubmitreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...
Astra Linux - уязвимость в ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was triggered within the decodedeliverreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...
Astra Linux - уязвимость в libde265
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265...
OESA-2026-2166 opencryptoki security update
openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...
OESA-2026-2165 opencryptoki security update
openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...
CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...