
27 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in qtbase-opensource-src

An issue was discovered in the private API function qDecodeDataUrl within QtCore, which is used in QTextDocument and QNetworkReply, and potentially in user code as well. If this function is called with malformed data, for example a URL that contains a "charset" parameter without a value, e.g.,...

CVSS 8.4 | AI score 5.7 | EPSS 0.00385
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 3:6 p.m., 1 view

CVE-2026-26311

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in the FilterManager of Envoy's HTTP connection manager allows Zombie Stream Filter Execution. This issue creates a use-after-free (UAF) or state-corruption window where...

CVSS 5.9 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 1
Github Security Blog
added 2026/03/10 6:31 p.m., 4 views

Envoy: HTTP - filter chain execution on reset streams causing UAF crash

Note: This vulnerability was originally reported to the Google OSS VRP (Issue ID: 477542544). The Google Security Team requested that I coordinate directly with the Envoy maintainers for triage and remediation. I am submitting this report here to facilitate that process. Technical Details: I have...

CVSS 5.9 | AI score 6.2 | EPSS 0.00019
Exploits: 1 | References: 3 | Affected Software: 1
GithubExploit
added 2025/12/14 1:38 a.m., 115 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-38077 - MadLicense...

CVSS 9.8 | AI score 9.4 | EPSS 0.89993
Exploits: 5
CVE
added 2025/12/11 7:35 p.m., 6 views

CVE-2025-36924

CVE-2025-36924 describes an out-of-bounds write in ss_DecodeLcsAssistDataReqMsg() within ss_LcsManagement.c due to an incorrect bounds check. The impact is remote escalation of privilege with no additional execution privileges needed and no user interaction required. Connected sources include And...

CVSS 8 | AI score 7 | EPSS 0.00011
Exploits: 1 | References: 1 | Affected Software: 1
Redos
added 2025/10/30 12:0 a.m., 2 views

ROS-20251030-09

A vulnerability in the qDecodeDataUrl function of the QtCore module of the Qt cross-platform software development framework is related to insufficient input data validation when processing the charset parameter. Exploitation of the vulnerability could allow an attacker...

CVSS 8.4 | AI score 6.8 | EPSS 0.00385
Exploits: 0
Redos
added 2025/10/30 12:0 a.m., 4 views

ROS-20251030-10

A vulnerability in the qDecodeDataUrl function of the QtCore module of the Qt cross-platform software development framework is related to insufficient input data validation when processing the charset parameter. Exploitation of the vulnerability could allow an attacker...

CVSS 8.4 | AI score 6.8 | EPSS 0.00385
Exploits: 0
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414531)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414531 advisory. The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the...

CVSS 7.8 | AI score 6.6 | EPSS 0.00929
Exploits: 3 | References: 3
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: qt5-qtbase (UTSA-2025-986101)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986101 advisory. An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the...

CVSS 8.4 | AI score 6.2 | EPSS 0.00385
Exploits: 0 | References: 4
RedHat Linux
added 2025/07/28 7:28 a.m., 4 views

qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service

A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled...

CVSS 8.4 | AI score 5.7 | EPSS 0.00385
Exploits: 0 | References: 5
OSV
added 2025/07/11 12:17 p.m., 1 view

OESA-2025-1757 qt6-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that...

CVSS 8.4 | AI score 6.7 | EPSS 0.00385
Exploits: 0 | References: 2
RedHat Linux
added 2025/06/24 8:46 a.m., 3 views

qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service

A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled...

CVSS 8.4 | AI score 5.7 | EPSS 0.00385
Exploits: 0 | References: 5
OSV
added 2025/06/20 1:26 p.m., 1 view

OESA-2025-1655 qt6-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that...

CVSS 8.4 | AI score 6.7 | EPSS 0.00385
Exploits: 0 | References: 2
SUSE CVE
added 2025/06/03 2:44 a.m., 1 view

SUSE CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a value such as...

CVSS 5.3 | AI score 6.8 | EPSS 0.00385
Exploits: 0 | References: 8
OSV
added 2025/06/02 9:15 a.m., 1 view

DEBIAN-CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a value such as...

CVSS 8.4 | AI score 6.1 | EPSS 0.00385
Exploits: 0 | References: 1
OSV
added 2025/06/02 9:15 a.m., 2 views

AZL-64361 CVE-2025-5455 affecting package qt5-qtbase for versions less than 5.12.11-18

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a value such as...

CVSS 8.4 | AI score 5.5 | EPSS 0.00385
Exploits: 0 | References: 1
CNNVD
added 2025/06/02 12:0 a.m., 1 view

Qt input validation error vulnerability

Qt is a cross-platform application development framework from the Qt open-source project. An input validation error vulnerability exists in Qt versions 5.15.18 and earlier, 6.0.0 through 6.5.8, 6.6.0 through 6.8.3, and 6.9.0, which results in a denial of service when malformed data is processed by functi...

CVSS 8.4 | AI score 6.3 | EPSS 0.00385
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:2 a.m., 1 view

SUSE CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

CVSS 6.1 | AI score 9 | EPSS 0.00812
Exploits: 0 | References: 12
Microsoft CVE
added 2021/10/13 7:0 a.m., 2 views

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.

...

CVSS 7.8 | AI score 7 | EPSS 0.00929
Exploits: 3
OSV
added 2021/10/05 12:15 a.m., 0 views

DEBIAN-CVE-2021-42008

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access...

CVSS 7.8 | AI score 6.6 | EPSS 0.00929
Exploits: 3 | References: 1