Astra Linux - уязвимость в containerd

Containerd is an open-source container runtime. Prior to versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where no limit was applied could cause a denial of service. This bug ha...

Unity Linux 20.1060e / 20.1070e Security Update: git (UTSA-2026-017630)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017630 advisory. Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files...

GHSA-W5G8-5849-VJ76 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

Summary NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without validation, allowing an attacker to bypass chunked streaming and...

GHSA-FPG4-JHQR-589C SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)

Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service. Only users with experimental.remoteFunctions:...

containerd: OCI image importer memory exhaustion

A flaw was found in containerd. When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file, where a limit was not applied could cause a denial of service...

openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation

A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the openssl dgst command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection...

openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation

A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the openssl dgst command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection...

CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

TencentOS Server 3: git-lfs (TSSA-2025:0996)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0996 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

MiracleLinux 9 : git-lfs-3.6.1-4.el9_7 (AXSA:2025-11633:09)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-11633:09 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the...

ROS-20251203-13

A vulnerability in the checkout and pull functions of the Git extension for version control of large Git LFS files is related to incorrect definition of symbolic links during file access. Exploitation of the vulnerability could allow an attacker acting remotely to gain write access to arbitrary...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989599 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix f2fsbugon when uninstalling filesystem call f2fsevictinode. creating a large files duri...

TencentOS Server 4: git-lfs (TSSA-2025:0846)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0846 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

[SECURITY] Fedora 42 Update: git-lfs-3.7.1-1.fc42

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

[SECURITY] Fedora 43 Update: git-lfs-3.7.1-1.fc43

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

[SECURITY] Fedora 41 Update: git-lfs-3.7.1-1.fc41

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

DEBIAN-CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

EUVD-2020-0081

Malware in sbrugna...

DEBIAN-CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...

CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...