12714 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Corrected the allocation size for bytes controls. The size of the data behind scontrol-ipccontroldata for bytes controls is as follows: 1 sizeofstruct sofipc4controldata + // kernel-only struct 2...
Astra Linux – Vulnerability in Systemd
Systemd, a system and service manager, as PID 1 encounters an assertion error and freezes execution when an unprivileged IPC API call is made with spurious data. In versions v249 and earlier, the effect is not an assertion error, but stack overwriting, with the content being controlled by the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fixed a deadlock between nfcunregisterdevice and rfkillfopwrite. A deadlock can occur between nfcunregisterdevice and rfkillfopwrite due to the inverted lock order between devicelock and rfkillglobalmutex. The problemat...
Astra Linux – Vulnerability in Chromium
The use of after-free in WebRTC in Google Chrome before version 147.0.7727.55 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: ipc: Fix for use-after-free in ipcmsgsendrequest The ipcmsgsendrequest function waits for a generic netlink reply using an ipcmsgtableentry on the stack. The generic netlink handler handlegenericevent/handleresponse fil...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: nfc: llcp: Fixed a memory leak in nfcllcpsenduiframe. syzbot reported various memory leaks related to NFC, struct nfcllcpsock, skbuff, nfcdev, etc. 0 The leading log hinted that nfcllcpsenduiframe failed to allocate skb due to...
CVE-2026-52923
In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...
CVE-2026-52923
In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...
CVE-2026-52923 ipc: limit next_id allocation to the valid ID range
In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...
Astra Linux – Vulnerability in Chromium
A stack buffer overflow in WebRTC in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption through a crafted HTML page. Chromium security severity: High...
Malicious code in zomato-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a12373009dd17131e45f4d20570904f2b8074367ee8b121e60a3ce5764fa00 The package's package.json declares a preinstall lifecycle hook that runs curl to POST the installer's hostname, whoami, current working directory, a...
MAL-2026-6253 Malicious code in zomato-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a12373009dd17131e45f4d20570904f2b8074367ee8b121e60a3ce5764fa00 The package's package.json declares a preinstall lifecycle hook that runs curl to POST the installer's hostname, whoami, current working directory, a...
CVE-2026-56208
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-12461
An out of bounds read flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517727318...
PT-2026-50829
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP affected versions not specified Description An Expected Behavior Violation allows a remote attacker to cause a denial-of-service DoS condition. By continuously...
Malicious code in final-poc-usa (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3c22cc39c10bad2886efadd5b8667bc3c0b70e51efdec8f7f75e801c370c90b Source: ossf-package-analysis 6cc39e355e69ec11b0532da1e2b2a418601a4c5594b100ba6f054f0e52be44be The OpenSSF Package Analysis project identified...
Malicious code in final-shoaib (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a4b7c42d877e678dab0b56186898c13b0e537f9371ce2a3beee0fdf7279ef6d Source: ossf-package-analysis f67c342dc8bb7b3c1a396b89796f09865373db04cd9b08034e6087bf47b324ef The OpenSSF Package Analysis project identified...
CVE-2026-0083
In Nfc::eventCallback of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
[SECURITY] Fedora 44 Update: nss-3.124.0-1.fc44
Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...
CVE-2026-0083
In Nfc::eventCallback of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...