13518 matches found
Malicious code in @rui.branco/sentry-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8504c65903895f53054fc6df861469ddbac73c130793bd784d47eca8ef2cd65b On every load of index.js the package's main and bin entry, the package queries GitHub for the latest commit SHA on HEAD of rui-branco/sentry-mcp and...
CVE-2026-36189
Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustifyd-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the checktemplate.cpp, checktemplate function, tokenizecleanup function, uncrustify...
EUVD-2026-31287
Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustifyd-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the checktemplate.cpp, checktemplate function, tokenizecleanup function, uncrustify...
GO-2026-4983 ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction in github.com/ydb-platform/ydb-go-sdk
ydb-go-sdk's transactions are not committed using the options.WithCommit option on last call table.Transaction.Execute in transaction in github.com/ydb-platform/ydb-go-sdk...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for leaking uninitialized memory in the fast-commit journal When space at the end of the fast-commit journal blocks is unused, make sure to zero it out so that uninitialized memory is not leaked to the disk...
Astra Linux - уязвимость в graphviz
A buffer overflow in the Graphviz Graph Visualization Tools, starting from the commit ID f8b9e035 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service application crash by loading a crafted file into the "lib/common/shapes.c" component...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: The current directory offset allocator based on mtreealloccyclic stores the next offset value to be returned in octx-nextoffset. This mechanism typically returns values that increase monotonically over time. Eventually, however,...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize The step variable is initialized to zero. It is changed during the loop; however, if it isn’t changed, it will remain zero. Add a variable check before the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Added the drmcrtccommitPut operation. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait on previous FIFO users before a commit” introduced a global state for the HVS, where each FIFO stores the current CRTC commit. This allow...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixing access to uninitialized locks in the fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with the fast-commit feature enabled: INFO: Trying to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed ext4mbmarkbb with flexbg and fastcommit. In the case of the flexbg feature which is enabled by default, extents for any given inode may span across blocks from two different block groups. ext4mbmarkbb only reads the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoided using partially committed contexts One major use of damoncall is the update of DAMON parameters during operation. This is done by calling damoncommitctx within the damoncall callback function. damoncommitct...
Astra Linux - уязвимость в freetype
It was discovered that the FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f contains a heap buffer overflow issue through the sfntinitface function...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dm thin: Use the last transaction’s pmd-root when commit fails Recently, we discovered a problem with a softlockup in the dm thin pool’s btree lookup code due to corrupted metadata. Kernel panic – not syncing: softlockup: hung...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null check was added for toppipetoprogram in the commitplanesforstream function. This fix addresses a null pointer dereferencing issue in the commitplanesforstream function at line 4140. The issue could occur...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed error handling in ext4fcrecordmodified inode. The current code does not properly handle the krealloc error case, which could lead to silent memory corruption or a kernel bug. This patch addresses that issue...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: NFSv4: Fixed an error in pnfsmarkrequestcommit, when performing ODIRECT operations. Fixed an error-prone condition in pnfsmarkrequestcommit, when adding a set of write operations to the commit list in order to reschedule them...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid journaling SB updates in case the journal destroys it upon error. Currently, we always encounter a BUGON when attempting to start a transaction on a journal marked with JBD2UNMOUNT, since this should never happen...
PT-2026-42373
ydb-go-sdk's transactions are not committed using the options.WithCommit option on last call table.Transaction.Execute in transaction in github.com/ydb-platform/ydb-go-sdk...
CVE-2026-47092
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...