Astra Linux - уязвимость в ppp

A vulnerability classified as problematic has been discovered in ppp. The affected function is dumpppp in the file pppdump/pppdump.c of the pppdump component. Manipulation of the arguments spkt.buf/rpkt.buf leads to improper validation of array indices. The real existence of this vulnerability is...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fsinitpagearraycache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7 bytes...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: Codecs: va-macro: Fix for accessing an array out of bounds for an enum type. Accessing enums using integers would result in accessing an array out of bounds on platforms like aarch64, where sizeoflong is 8 compared to the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parseintarray The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platformdeviceregister errors x86androidtabletremove frees the pdevs array, so it should not be used after calling x86androidtabletremove. When platformdeviceregister fails...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: panasonic-laptop: Fixed out-of-bounds accesses to the SINF array. The panasonic laptop code in various places uses the SINF array with index values ranging from 0 to SINFCURBRIGHT0x0d, without checking whether the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fixed an issue where accessing an array was done outside its bounds for an enum type. Accessing enums using integers resulted in out-of-bounds access on platforms like aarch64, where sizeoflong is 8, whereas...

Astra Linux - уязвимость в libreoffice

Improper validation of the array index vulnerability in The Document Foundation LibreOffice’s spreadsheet component allows an attacker to create a spreadsheet document that causes an array index underflow upon loading. In the affected versions of LibreOffice, certain malformed spreadsheet formula...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix off by one in ep93xxdivrecalcrate The psc-div array has psc-numdiv elements. These values come from when we call clkhwregisterdiv. It's adcdivisors and ARRAYSIZEadcdivisors and so on. So this condition needs to...

Astra Linux - уязвимость в webkit2gtk

Several issues were addressed by disabling array allocation sinking. This issue has been fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, and visionOS 26.1. Processing maliciously crafted web content may result in an unexpected process crash...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr in repeatcallfn damonsysfsrepeatcallfn calls damonsysfsupdtunedintervals, damonsysfsupdschemesstats, and damonsysfsupdschemeseffectivequotas without checking contexts-nr. If nrcontexts is set to ...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd 1, but the driver does not check whether the array index is out of bounds when writi...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed an array-index-out-of-bounds issue in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 The index -878706688 is out of range for the type 'struct iagctl128' CPU: 1 PID: 5065 Comm:...

Astra Linux - уязвимость в postgresql-11

A flaw was discovered in PostgreSQL that allows authenticated database users to execute arbitrary code through insufficient overflow checks during SQL array value modifications. This issue arises due to an integer overflow during array modifications, where a remote user can trigger the overflow b...

OESA-2026-2178 musl security update

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conforman...

Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption

In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...

SUSE CVE-2026-31702

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

Linux Distros Unpatched Vulnerability : CVE-2026-31702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblockin...

MixPHP Framework has an SQL injection vulnerability via crafted `data` array

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the joinOn process in BuildHelper.php when a crafted on array is supplied. An attacker can execute arbitrary SQL commands by injecting malicious input. Remediation There is no fixed version for mix/mix. References -...