768 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nfs: Handling of failures in nfsgetlockcontext during unlock path When memory is insufficient, the allocation of nfslockcontext in nfsgetlockcontext fails and returns -ENOMEM. If we mistakenly treat an nfs4unlockdata structure...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Added a NULL check in imxcardprobe The devmkasprintf function returns NULL when memory allocation fails. Currently, imxcardprobe does not check for this case, which results in a NULL pointer being dereferenced. A...
OESA-2026-1204 harfbuzz security update
HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string containing a sequence of Unicode codepoints, HarfBuzz selects and positions the corresponding glyphs from the font, applying all of the necessary layout rules and font features. HarfBuzz then returns the string to you in...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38160)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38160 advisory. - In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38145)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38145 advisory. - In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38214)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38214 advisory. - In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fbsetvar to prevent null-...
CVE-2026-22770
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will...
UBUNTU-CVE-2026-22770
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will...
CVE-2026-22770
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will...
CVE-2026-22770
CVE-2026-22770 affects ImageMagick: in BilateralBlurImage, the last element of a double-buffer set isn’t properly initialized inside AcquireBilateralTLS, leading to an invalid pointer being freed in DestroyBilateralTLS when memory allocation fails. The issue is fixed in version 7.1.2-13. Connecte...
CVE-2026-22770
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will...
MiracleLinux 8 : glibc-2.28-251.el8.2 (AXSA:2024-8156:07)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8156:07 advisory. glibc: Out of bounds write in iconv may lead to remote code execution CVE-2024-2961 The glibc packages provide the standard C libraries libc, POSIX...
MiracleLinux 9 : glibc-2.34-100.el9_4.2 (AXSA:2024-8145:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8145:06 advisory. glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT CVE-2024-2961 glibc: stack-based buffer overflow in netgroup cache CVE-2024-33599...
MiracleLinux 7 : glibc-2.17-326.el7.3 (AXSA:2024-8129:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8129:05 advisory. glibc: Out of bounds write in iconv may lead to remote code execution CVE-2024-2961 glibc: stack-based buffer overflow in netgroup cache...
CVE-2026-22693
A null pointer dereference vector has been discovered in the harfbuzz package. A null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh:1672-1673. The function fails to check if hbmalloc returns NULL before using placement ne...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdwutils: avoid NULL deref when devmkasprintf fails devmkasprintf may return NULL when memory allocation fails. However, the debug message prints cpus-dainame before checking it. Move the devdbg call after the NULL chec...
Astra Linux – Vulnerability in ffmpeg
A flaw was discovered in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services a...
Astra Linux – Vulnerability in mbedtls
In Mbed TLS versions prior to 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uninitialized stack memory was used to construct the TLS Finished message. This could potentially lead to authentication bypasses, such as replay attacks...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc for the WS buffer in amdgpuatomexecutetablelocked. kcalloc may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.wssize is set. This can lead to a potential NULL pointe...
SUSE CVE-2026-22693
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...