EUVD-2026-30674

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...

Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()

...

drupal-sa-core-2026-004-lab

SA-CORE-2026-004 — Lab, PoC, and Post-mortem Drupal core SQ...

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the column filter’s use of PHP arraycolumn. An attacker can bypass Twig sandbox property restrictions because arraycolumn accesses object...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevents potential Spectre v1 exploits. It seems that cmd could be a Spectre v1 exploit, as it is provided by a user and used as an array index. This vulnerability prevents the contents of kernel memory from being leake...

Astra Linux - уязвимость в dcmtk

There is an improper array index validation vulnerability in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43 – The property entry should be a null-terminated array. The software node does not specify a count of property entries; therefore, the array must be null-terminated. If terminated incorrectly, this can cause a fault ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not erase the value of ret in btrfsvalidatesuper. The commit 2a9bb78cfd36 “btrfs: validate the system chunk array in btrfsvalidatesuper” introduces a call to validatesyschunkarray in btrfsvalidatesuper. This call erases...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fixed an issue where accessing an array was done outside the bounds of the array for an enum type. Accessing enums using integers would result in accessing an array outside its bounds on platforms like...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: bcache: Fixed the abuse of variable-length arrays in btreeiter. btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: Use the “buf” flexible array as the destination for memcpy. The “buf” flexible array must be used as the destination for memcpy to avoid false positive run-time warnings from the recent FORTIFYSOURCE hardening measures:...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A array indexing vulnerability was discovered in the netfilter subsystem of the Linux kernel. The absence of a certain macro could lead to an incorrect calculation of the offset of the h-nets array, giving attackers the ability to arbitrarily increment/decrement a memory buffer beyond its bounds...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fixed potential array out-of-bound access issues. A sentinel was added at the end of the maps to prevent potential array out-of-bound access in the iio core...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: Do not replace a page in the rqpages array if it is a continuation of the last page. The splice read function calls nfsdspliceactor to place the pages containing file data into the svcrqst-rqpages array. However, it is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limiting the number of signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, leading to NULL pointer dereferences and triggerin...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. The plparhcall, plparhcall9, and related functions expect callers to provide valid result buffers of a certain minimum size. Currently, this is communicated only...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fixed warnings related to cancelsync on uninitialized workstructs. Betty reported encountering the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 … 8.713282 T221 Call trace:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint The arrayindexnospec function is useless if the result is spilled to the stack, as it makes the supposedly safe-under-speculation value subject to memory predictions. For all...

Astra Linux - уязвимость в firefox

If array shift operations are not used, the Garbage Collector may become confused regarding valid objects. This vulnerability affects Firefox versions less than 101...