Hikvision IP ping.php - Command Execution

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fixed a use-after-free in vidtvbridgedvbinit. KASAN reports a use-after-free: BUG: KASAN: Use-after-free in dvbdmxdevrelease+0x4d5/0x5d0 dvbcore. Call trace: … dvbdmxdevrelease+0x4d5/0x5d0 dvbcore...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: media: dvb-usb-v2: af9035: Fixed a nullptrderef in af9035i2cmasterxfer. In af9035i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A issue was discovered in the Linux kernel through version 6.0.10. In the file drivers/media/dvb-core/dvbcaen50221.c, a use-after-free condition can occur due to the lack of a waitevent after a disconnection occurs...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvbmediadevicefree dvbmediadevicefree is leaking memory. Free dvbdev-adapter-conn before setting it to NULL, as documented in include/media/media-device.h: "The mediaentity instance itself must b...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvbdemuxopen and dvbdmxdevrelease...

CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on startstreaming failure syzbot reported a memory leak in vidtvpsiservicedescinit 1. When vidtvstartstreaming fails inside vidtvstartfeed, the nfeeds counter is left incremented even...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010779 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice -...

CVE-2026-40069

The vulnerability affects the BSV Ruby SDK (gem) prior to version 0.8.2, specifically BSV::Network::ARC failure detection. From 0.1.0 to 0.8.1, ARC only recognizes REJECTED and DOUBLE_SPEND_ATTEMPTED; responses with txStatus values INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containin...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

PT-2026-30573

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule mandatory ext handlers and ule optional ext handlers tables in handle one ule extension are declared with 255 elements valid indices 0-254, but the index htype...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

UBUNTU-CVE-2026-2923

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

GHSA-228V-WC5R-J8M7 OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream

Summary OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005670 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice -...

MiracleLinux 8 : kernel-4.18.0-513.9.1.el8_9 (AXSA:2024-7403:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7403:01 advisory. kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe CVE-2023-2163 kernel: tun: bugs for oversize...