Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemcpy in libtiff/tifunix.c:346, when called from extractImageSection, located at tools/tiffcrop.c:6826. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIFF file. For users who compile...

Astra Linux - уязвимость в linux-5.10, linux-5.15

A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it does not check whether the chain is bound, and the owner rule of the chain may also release objects under...

Astra Linux - уязвимость в linux-5.10, linux

Dm-verity is used to extend the root-of-trust to root file systems. LoadPin builds upon this feature to restrict module/firmware loads to only the trusted root file system. Currently, device-mapper table reloads allow users with root privileges to replace the target with an equivalent dm-linear...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop errors within the hook verdict, and thus the nfhookslow function can cause a double-free vulnerabili...

Astra Linux - уязвимость в libxml2

Possible cross-site scripting vulnerability in libxml after commit 960f0e2...

Astra Linux - уязвимость в linux-5.15

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perfgroupdetach function did not check the attachstate of the event’s siblings before calling addeventtogroups, and the removeonexec function made it possible t...

Astra Linux - уязвимость в tiff

A out-of-bounds read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service attack through a crafted tiff file. For users who compile libtiff from source code, the fix is available in the commit 408976c4...

Astra Linux - уязвимость в tiff

In libtiff version 4.3.0, the unchecked dereference of a return value can allow attackers to trigger a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, this issue has been fixed in the commit f2b656e2...

Astra Linux - уязвимость в tiff

In the libtiff 4.3.0 version of tiffcp, an accessible assertion allows attackers to cause a denial-of-service attack through a crafted tiff file. For users who compile libtiff from source code, this fix is available in the commit 5e180045...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, this fix is available in the...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3609 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in tiffcrop, located at line 3701 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious tiff file. For users who compile LibTIFF from source code, the fix is available in the comm...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemcpy in libtiff/tifunix.c:346, when called from extractImageSection, located at tools/tiffcrop.c:6860. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A use-after-free vulnerability exists in the Linux kernel’s net/sched:clsu32 component, which can be exploited to gain local privilege escalation. If the tcfchangeindev function fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3516 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in the writeSingleSection function located at line 7345 in the tools/tiffcrop.c file. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIFF file. For users who compile LibTIFF from source code, t...

PT-2026-42373

ydb-go-sdk's transactions are not committed using the options.WithCommit option on last call table.Transaction.Execute in transaction in github.com/ydb-platform/ydb-go-sdk...

CVE-2026-47092

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...

GHSA-RG3P-P27C-2F39 gohttp is vulnerable to directory traversal via a crafted request

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...