Astra Linux - уязвимость в ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...

Astra Linux - уязвимость в webkit2gtk

A logic issue has been resolved through improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. A malicious application may be able to leak sensitive user information...

Astra Linux - уязвимость в openimageio

There is an information disclosure vulnerability in the DPXOutput::close function of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to the leakage of heap data. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fixed a data leak in the mmioread function. The mmioread function calls a TDVMCALL to retrieve MMIO data for a given address from the VMM. Sean noticed that mmioread inadvertently exposes the value of an initialized...

Malicious code in silly-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2eecfbfdbeccf66833713755c8dffe5f7732119e5d82022a847c508dfef619b0 The package advertises itself as a general-purpose logger, but every call to its debug/info/warn/error/critical methods unconditionally POSTs the...

UBUNTU-CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...

CVE-2026-8706

Summary: CVE-2026-8706 affects Firefox for iOS Reader mode when it runs its own unauthenticated local web server. The issue allows another app on the same device to request arbitrary URLs and receive the response rendered using the signed-in user’s cookies. Affected component: Firefox for iOS Rea...

CVE-2026-25850

CVE-2026-25850 concerns OpenHarmony, affecting v6.0 and earlier, where the component filemanagement_storage_service improperly preserves permissions. The result is a local attacker can cause an information leak. The CVSS score is 5.5 (Medium); vectors: Local access, low attack complexity, low pri...

CVE-2026-31071

CVE-2026-31071 affects LalanaChami Pharmacy Management System (version 5c3d028). The API endpoints lacking authentication middleware are "/api/user/getUserData" and "/api/doctorOder", enabling unauthenticated remote attackers to dump all user records (including bcrypt password hashes), modify dru...

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVE-2026-20685

Technical details about CVE-2026-20685 are not publicly available in the provided documents. Monitor for updates.

OPENSUSE-SU-2026:20764-1 Security update for glibc

This update for glibc fixes the following issues - CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261206. - CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width 1024 bsc1262465. - CVE-2026-5928: libio: ungetwc...

SUSE-SU-2026:21751-1 Security update for glibc

This update for glibc fixes the following issues - CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261206. - CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width 1024 bsc1262465. - CVE-2026-5928: libio: ungetwc...

SUSE CVE-2026-8545

Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

Updated samba packages fix security vulnerabilities

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 Command injection in wins server hook...