19 matches found
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limits the number of bytes that can be read from I2C to I2C_SMBUS_BLOCK_MAX. The commit effa453168a7 "i2c: i801: Do not silently correct invalid transfer size" revealed that ee1004_eeprom_read does not properly limit t...
CVE-2026-40192
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...
CVE-2025-40277
Mode C: Vulnerability: CVE-2025-40277 affects the Linux kernel, specifically drm/vmwgfx. Root cause: insufficient validation of the command header size against SVGA_CMD_MAX_DATASIZE, allowing an input originating from userspace to influence buffer offset calculations and potentially cause an out-...
SUSE CVE-2022-50575
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than MAX_ORDER, then kcalloc will fail, it creates a stack trace and messes up dmesg...
EUVD-2016-3247
Malware in sbrugna...
EUVD-2021-14464
Malware in sbrugna...
CVE-2025-32024
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, if you didn't trust the input images, this could be abused to...
SUSE CVE-2024-50218
In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the...
GHSA-9CFV-9463-8GQV freewvs vulnerable to denial of service through large files
Impact: A user could create a large file that freewvs will try to read, which will terminate a scan process. Patches: This has been patched by limiting the data freewvs reads: https://github.com/schokokeksorg/freewvs/commit/18bbf2043e53f69e0119d24f8ae4edb274afb9b2...
Medium: ecs-init
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
AZL-39984 CVE-2023-45288 affecting package moby-cli for versions less than 24.0.9-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
PT-2023-31544
Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 26.1; Bitcoin Knots versions prior to 25.1.knots20231115. Description: Datacarrier size limits can be bypassed by obfuscating data as code, such as by using OP_FALSE OP_IF. This issue was exploited in the wild by...
CVE-2023-21174
CVE-2023-21174 is a vulnerability in Android 13 affecting the isPageSearchEnabled function of BillingCycleSettings.java. The issue allows a guest user to bypass permissions and change data limits, resulting in local privilege escalation with no additional execution privileges and with no user int...
Code injection
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data...
CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...
CVE-2018-18959
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
UBUNTU-CVE-2016-2146
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data...
CentOS 3 / 4 : curl (CESA-2010:0329)
Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CMS little (index.php term) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ======================================================== CMS little index.php term Remote SQL Injection Exploit ======================================================== #!/usr/bin/perl -w...