Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A issue was discovered in the Linux kernel through version 6.0.10. In the file drivers/media/dvb-core/dvbcaen50221.c, a use-after-free condition can occur due to the lack of a waitevent after a disconnection occurs...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: media: dvb-usb-v2: gl861: Fixed nullptrderef in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Maliciou...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: media: dvbdev: Fixed a memory leak in dvbMediaDeviceFree. The function dvbMediaDeviceFree leaks memory. It is necessary to free the dvbdev-adapter-conn object before setting it to NULL, as documented in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fixed a use-after-free in vidtvbridgedvbinit. KASAN reports a use-after-free: BUG: KASAN: Use-after-free in dvbdmxdevrelease+0x4d5/0x5d0 dvbcore. Call trace: … dvbdmxdevrelease+0x4d5/0x5d0 dvbcore...

Astra Linux - уязвимость в linux, linux-5.10

In the file drivers/media/dvb-core/dmxdev.c within the Linux kernel, up to version 5.19.10, a use-after-free condition has occurred due to race conditions related to reference counts, affecting the functions dvbdemuxopen and dvbdmxdevrelease...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: media: dvb-usb-v2: af9035: Fixed a nullptrderef in af9035i2cmasterxfer. In af9035i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

VideoFlow Digital Video Protection 路径遍历漏洞

VideoFlow Digital Video Protection is a broadcast-grade video transmission device developed by VideoFlow Corporation in the United States. Version 2.10 of VideoFlow Digital Video Protection contains a path traversal vulnerability. This vulnerability stems from authenticated directory traversal,...

PT-2026-35994

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download xml.pl,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010779 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice -...

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life EoL TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to explo...

New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks

Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into a botnet for DDoS attacks...

CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-31405 media: dvb-net: fix OOB access in ULE extension header tables

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

PT-2026-30573

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the dvb-net module related to out-of-bounds access in ULE extension header tables. The ule mandatory ext handlers and ule optional ext handlers...