Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: padata: The handling of refcnts in padatafreeshell has been fixed. In a high-load arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: A memory leak was fixed in loadelfbinary. There is also a memory leak reported by kmemleak: Unreferenced object: 0xffff88817104ef80 size 224 Command: xfsadmin, PID: 47165, jiffies: 4298708825 age: 1333.476 seconds H...

Astra Linux - уязвимость в pyyaml

In PyYAML before version 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1, and the 'UnsafeLoader' has been introduced to maintain backward compatibility with this function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: The kexecbuf structure was previously declared without initialization. The commit bf454ec31add “kexecfile: allow to place kexecbuf randomly” added a field that is always read but not consistently populated by all...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921s: fixed a possible memory leak in mt7921loadpatch. The fw data should always be released at the end of the mt7921loadpatch routine...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Abrupt exit when failing to load firmware in pspinitcapmicrocode. In the function pspinitcapmicrocode, an abrupt exit should occur when attempting to load firmware fails; otherwise, it may lead to invalid memory acces...

Astra Linux - уязвимость в libusrsctp

The usrsctp before December 20, 2019, has out-of-bounds reads in sctploadaddressesfrominit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fixed the memory leak in the elf header buffer. This issue was reported by the kmemleak detector: Unreferenced object 0xffffc900002a9000 size 4096: Command: "kexec", PID: 14950, Jiffies: 4295110793 Age: 373.951 seconds...

Astra Linux - уязвимость в linux, linux-5.15, linux-6.1, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Avoid double-free of special payloads. If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double-free will occur. Clear the RQFSPECIALLOAD when the request is cleaned ...

Astra Linux - уязвимость в tomcat9

There is an occasional URL redirection to untrusted sites, a vulnerability in Apache Tomcat via the LoadBalancerDrainingValve mechanism. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, and from 8.5.30 throu...

MAL-2026-4449 Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021653 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry...

LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading

A flaw was found in LibRaw. A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality. A remote attacker can exploit this by providing a specially crafted malicious file. This can lead to arbitrary code execution, allowing the attacker to take control of the...

LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file

A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the uncompressedfpdngloadraw functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code...

GHSA-M6XR-FVFG-5G64 Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal

Summary dasel's selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as r/abc. A 2-byte input r/ is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8 a...

CVE-2026-33633

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker, by sending a specially crafted APC graphics protocol command with a large PNG payload to the terminal's standard input stdin, could trigger a heap buffer overflow in the loadimagedata function. This vulnerability...

Malicious code in @tarojs/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...

CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

UBUNTU-CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...