6673 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in isexecutablesection The comparison should be = to prevent an out of bounds array access...
Astra Linux - уязвимость в binutils
“findabstractinstance” in dwarf2.c, located in the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash through a crafted ELF file...
Astra Linux - уязвимость в binutils
An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. An invalid memory access exists in bfdstabsectionfindnearestline in syms.c. Attackers could leverage this vulnerability to cause a denial of service application crash via a crafted E...
Astra Linux - уязвимость в exim4
In versions of Exim up to 4.97.1, Misparse processes multi-line RFC 2231 header filenames. As a result, remote attackers can bypass the protection mechanism that blocks $mimefilename extensions, and potentially deliver executable attachments to the mailboxes of end users...
Astra Linux - уязвимость в thunderbird
Thunderbird allows the use of the Text DirectionOverride Unicode Character in filenames. As a result, an email attachment might be incorrectly displayed as a document file, when in fact it is an executable file. Older versions of Thunderbird will remove this character and display the correct file...
Astra Linux - уязвимость в binutils
A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.31. A heap-based buffer overflow in the bfdgetl32 function in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be...
Astra Linux - уязвимость в libreoffice
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so that it does not match the denylist, resulting in ShellExecute attempting to launch an executable file...
Astra Linux - уязвимость в firefox, thunderbird
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...
Malicious code in rostilesolver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3250 Malicious code in rostilesolver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in metoopro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...
MAL-2026-3247 Malicious code in metoopro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...
EUVD-2026-26702
An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
EUVD-2026-26665
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened...
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
CVE-2026-23863
CVE-2026-23863 affects WhatsApp for Windows prior to version 2.3000.1032164386.258709. The issue is an attachment spoofing flaw where documents with embedded NUL bytes in the filename could be displayed as one file type but executed when opened. Root cause is improper handling of specially crafte...
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
PT-2026-36499
Name of the Vulnerable Software and Affected Versions WhatsApp for Windows versions prior to 2.3000.1032164386.258709 Description An attachment spoofing issue exists due to improper handling of hidden control characters in filenames. Specifically, the application fails to properly sanitize or...
Facebook WhatsApp 安全漏洞
Facebook WhatsApp is a suite of Android-based mobile applications from Facebook, Inc. in the United States that utilize the Internet to deliver text messages. The application uses the contact information in the smartphone to find contacts using the software to send texts, pictures, etc. A securit...