Astra Linux - уязвимость в binutils

Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the displaydebugsection function in the readelf.c file...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is a heap-based buffer overflow in the bfdelf32swapphdrin function in elfcode.h, because the number of program headers is not restricted...

Astra Linux - уязвимость в python3.7

A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Consider the return from setmemoryrox when using bpfjitbinarylockro. setmemoryrox may fail, leaving memory unprotected. Check the return value and bail out if bpfjitbinarylockro returns an error...

Astra Linux - уязвимость в python3.7

The readints function in plistlib.py in Python from version 3.9.1 is vulnerable to a potential Distributed Denial-of-Service DoS attack due to CPU and RAM exhaustion when processing malformed Apple Property List files in binary format...

Astra Linux - уязвимость в libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...

Astra Linux - уязвимость в binutils

Heap-based Buffer Overflow in the bfdgetl32 function in Binutils objdump 3.37...

Astra Linux - уязвимость в binutils

GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper input validation, signed/unSigned comparison, out-of-bounds reading. The impact is: Denial of service. The component involved is: gold/fileread.cc:497, elfcpp/elfcppfile.h:644. The attack vector is: An ELF file...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: A memory leak was fixed in loadelfbinary. There is also a memory leak reported by kmemleak: Unreferenced object: 0xffff88817104ef80 size 224 Command: xfsadmin, PID: 47165, jiffies: 4298708825 age: 1333.476 seconds H...

Astra Linux - уязвимость в binutils

A issue was discovered in the mergestrings function in the merge.c file within the Binary File Descriptor BFD library also known as libbfd, as part of the GNU Binutils 2.31. There is a NULL pointer dereferencing issue when attempting to merge sections with large alignments using bfdaddmergesectio...

Astra Linux - уязвимость в binutils

There is a flaw in the bfdpefparsefunctionstubs function within bfd/pef.c in the binutils in versions prior to 2.34. This flaw could allow an attacker who can submit a crafted file to be processed by objdump to cause a NULL pointer derefrence error. The most significant threat of this flaw is to...

Astra Linux - уязвимость в binutils

There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmac: cfg80211 – Pass the PMK in binary instead of hex. It appears that the hex-based passphrase mechanism does not work on newer chips/firmwares e.g., BCM4387. There was actually a simpler way to pass the data in binary,...

Astra Linux - уязвимость в libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of v1.14.52 in the GNOME Project’s G Structured File Library libgsf. A specially crafted file can lead to an integer overflow, allowing for a heap-based buffer overflow when processing the sector...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.31. A heap-based buffer overflow in the bfdgetl32 function in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow that leads to a segmentation fault in bfddwarf2findnearestline in dwarf2.c, as demonstrated by the nm tool...

MAL-2026-4449 Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

MAL-2026-4652 Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

Malicious code in crypto-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...