CVE-2025-41669 Insufficient Verification of Data Authenticity

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

JLSEC-2026-537

A flaw was found in OpenJPEG’s encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

Astra Linux - уязвимость в openjpeg2

A flaw was discovered in OpenJPEG’s encoder, specifically in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can provide crafted inputs for the decomposition levels to cause a buffer overflow. The greatest threat of this vulnerability is to system availability...

Astra Linux - уязвимость в nettle

A flaw was discovered in Nettle versions prior to 3.7.2. In these versions, several Nettle signature verification functions—GOST DSA, EDDSA, and ECDSA—result in the Elliptic Curve Cryptography point ECC’s multiply function being called with out-of-range scalers. This may lead to incorrect results...

Astra Linux - уязвимость в tar

A flaw was discovered in the src/list.c file of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The greatest threat posed by this vulnerability is to system availability...

Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick’s coders, specifically in the webp.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The most significant threat of this vulnerability is the impact on system...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image file to have it processed by OpenEXR, resulting in a floating-point exception error. The greatest threat posed by this vulnerability is to system availabili...

Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick, specifically in the MagickCore/visual-effects.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system...

Astra Linux - уязвимость в postgresql-11

A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, ther...

Astra Linux - уязвимость в linux

A out-of-bounds memory write flaw was discovered in the listdevices function within drivers/md/dm-ioctl.c in the Multi-device driver module of the Linux kernel before version 5.12. A bound check failure allows an attacker with special user CAPSYSADMIN privileges to gain access to out-of-bounds...

ROS-20260520-73-0046

A vulnerability in the ANGLE library of Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow a remote attacker to compromise the confidentiality, integrity and availability of protected information...

CVE-2026-22924

CVE-2026-22924 affects SIMATIC CN 4100 (all versions < V5.0). The vulnerability arises from insufficiently restricted unauthenticated connections, enabling resource exhaustion that can disrupt operations and potentially impact system availability and integrity. Connected references reiterate t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017467 advisory. A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain command...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017478 advisory. A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, usi...

Unity Linux 20.1060e / 20.1070e Security Update: rpm (UTSA-2026-017547)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017547 advisory. A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017513 advisory. A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...

CVE-2026-25077

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file processed by OpenEXR to trigger an integer overflow. The greatest threat of this vulnerability is to system availability...

Astra Linux - уязвимость в openexr

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability...

Astra Linux - уязвимость в xorg-server

A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...