Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfc: fdp: Fixed a potential memory leak in fdpncisend. The fdpncisend function calls fdpncii2cwrite, which does not free the skb object after its execution. As a result, when fdpncii2cwrite is completed, the skb object will...

EUVD-2026-28693

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtwgetieex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser", we don't trust the data in the frame so we should check the length...

CVE-2026-43387

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtwgetieex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser", we don't trust the data in the frame so we should check the length...

PT-2026-39048

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rtl8723bs staging driver where the rtw get ie ex function does not properly validate data within the frame. This lack of length verification can lead to improper...

CVE-2026-37541

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatgvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames...

PT-2026-36515

Name of the Vulnerable Software and Affected Versions Open Vehicle Monitoring System 3 OVMS3 version 3.3.005 Description A buffer overflow exists in the canformat gvret.cpp file. The length field in GVRET binary data is not properly validated, which allows remote attackers to cause a denial of...

OSV-2026-97 Heap-buffer-overflow in vpx_wb_write_literal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476466137 Crash type: Heap-buffer-overflow WRITE 1 Crash state: vpxwbwriteliteral vp9packbitstream encodeframetodatarate...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004012)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004012 advisory. An issue was discovered in slcbump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized canframe data,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000508)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000508 advisory. An issue was discovered in slcbump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized canframe data,...

EUVD-2019-11947

Malware in sbrugna...

EUVD-2010-4364

Malware in sbrugna...

CVE-2025-11082 GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow

A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...

CVE-2022-49924 nfc: fdp: Fix potential memory leak in fdp_nci_send()

In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdpncisend fdpncisend will call fdpncii2cwrite that will not free skb in the function. As a result, when fdpncii2cwrite finished, the skb will memleak. fdpncisend should free skb after...

SUSE CVE-2024-47542

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2readsynchuint function, located in id3v2.c. If id3v2readsynchuint is called with a null work-hdr.framedata, the pointer guint8 data is accessed without validatio...

ALPINE-CVE-2024-47542

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2readsynchuint function, located in id3v2.c. If id3v2readsynchuint is called with a null work-hdr.framedata, the pointer guint8 data is accessed without validatio...

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox version 124, which stems from a buffer overflow that can be caused by improper handling of QUIC ACK frame data...

Improper Access Control

vyper is vulnerable to Improper Access Control. If the length word of a dynarray is on both the left-hand side and the right-hand side of an assignment, it may result in out-of-bounds array access, resulting in call frame data corruption...

SUSE CVE-2009-1311

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODEFILEONLY save of the inner frame...

SUSE CVE-2016-5036

The dumpblock function in printsections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via crafted frame data...

SUSE CVE-2020-11494

An issue was discovered in slcbump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized canframe data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIGINITSTACKALL, aka CID-b9258a2cece4...