26 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: Do not acquire a non-existent lock in alloc_tag_top_users. alloc_tag_top_users attempts to lock alloc_tag_cttype->mod_lock, even when alloc_tag_cttype is not allocated. This occurs because: 1. Allocating tags is disabled since...
CVE-2026-6533 Improperly Controlled Sequential Memory Allocation in Wireshark
Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
UBUNTU-CVE-2022-50679
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for i=0; i=8160; i=i+32 do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g...
EUVD-2017-14912
Malware in sbrugna...
Unity Linux 20.1070e Security Update: systemd (UTSA-2025-680659)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680659 advisory. basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathnam...
EUVD-2025-25081
Malicious code in bioql PyPI...
EUVD-2021-9820
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-38517
In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users(). alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling ...
CVE-2025-38517
CVE-2025-38517 is a Linux kernel issue in lib/alloc_tag where alloc_tag_top_users() may lock alloc_tag_cttype->mod_lock even when alloc_tag_cttype is NULL or invalid, leading to a crash on memory allocation failure. The root cause is that alloc_tag_cttype can be NULL or an error value in scena...
CVE-2025-38517
In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users(). alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling ...
EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2025-1928)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers...
SQLite DoS Vulnerability 3.49.0 < 3.49.1
The version of SQLite installed on the remote host is prior to 3.49.1 and is, therefore, affected by a DoS vulnerability where certain argument values to sqlite3_db_config in the C-language API can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer...
AZL-68976 CVE-2025-21750 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index(). Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random...
CVE-2024-23851
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl...
Important: Red Hat Security Advisory: iperf3 security update
An update for iperf3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...
SUSE CVE-2007-6451
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory...
SUSE CVE-2018-10958
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call...
GHSA-GF88-J2MG-CC82 Crash caused by integer conversion to unsigned
Impact: An attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments: import tensorflow as tf; from tensorflow.python.ops import gen_boosted_trees_ops; import numpy as np; v = tf.Variable([0.0, 0.0, 0.0, 0.0, 0.0...
PYSEC-2021-574
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. I...
OPENSUSE-SU-2021:0628-1 Security update for nim
This update for nim fixes the following issues: nim was updated to version 1.2.12: Fixed GC crash resulting from inlining of the memory allocation procs; Fixed “incorrect raises effect for $NimNode” (17454). From version 1.2.10: Fixed “JS backend doesn’t handle float-int type conversion” (8404); Fixed...