Astra Linux - уязвимость в ofono

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVE-2026-45036 Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

CVE-2025-71285

A flaw was found in the Linux kernel's qrtr driver. A race condition in the Modem Host Interface MHI autoqueue feature for Inter-Processor Communication Router IPCR downlink channels can lead to a NULL pointer dereference. This occurs because a callback function may be invoked before the qrtr...

CVE-2025-71255

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71256

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71252

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71253

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71254

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71256

CVE-2025-71256 affects the nr modem component. The issue is improper input validation that can allow remote denial of service without additional privileges. Attack vector is network with no user interaction; impact is availability degradation (CVE scored with CVSS v3.1 base 7.5, HIGH). Root cause...

CVE-2025-71256

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71256

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

EUVD-2025-209657

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71256

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71255

Technical details are not publicly available in the provided documents. Monitor for updates from the vendor and CVE databases to confirm affected products, root cause specifics, and remediation.

EUVD-2025-209655

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71255

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71255

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71255

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-71254

Technical details are not publicly available in the provided documents. Monitor for updates.

EUVD-2025-209653

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...