7525 matches found
Astra Linux - vulnerability in libstb
stb_image.h 2.27 contains a heap-based buffer within stbi__jpeg_load, which can lead to information disclosure or denial of service...
Astra Linux - vulnerability in snakeyaml
The Alias feature in SnakeYAML before version 1.26 allowed entity expansion during a load operation, which is a related issue to CVE-2003-1564...
Astra Linux - vulnerability in linux-5.15, linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: test_firmware: fixed a memory leak in test_firmware_init. When misc_register failed in test_firmware_init, the memory pointed to by test_fw_config->name was not released. The memory leak information is as follows: Unreferenced object...
Astra Linux - vulnerability in linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: Avoid use-after-free in load_firmware_cb. Syzkaller reported a use-after-free in load_firmware_cb. The reason is that the module allocated a struct tuner in tuner_probe, and then the module initialization failed, causing...
Astra Linux - vulnerability in pyyaml
A vulnerability was discovered in the PyYAML library in versions prior to 5.3.1. In these versions, the library is susceptible to arbitrary code execution when it processes untrusted YAML files using the full_load method or the FullLoader loader. Applications that use this library to process...
Astra Linux - vulnerability in pyyaml
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...
Astra Linux - vulnerability in thunderbird, firefox
Module load requests that failed were not checked to determine whether they had been cancelled, resulting in a use-after-free in ScriptLoadContext. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Call btrfsremovefreespacecachelocked on cache load failure Now that lockdep remains enabled throughout our CI processes, I noticed the following stack trace in generic/475: ------------ Cut here --- WARNING: CPU: 1 PID:...
Astra Linux - vulnerability in firefox, thunderbird
When checking whether the Browsing Context was discarded in HttpBaseChannel, if the load group was not available, it was assumed that the Browsing Context had already been discarded. However, this assumption was not always true for private channels after the private session ended. This...
Astra Linux - vulnerability in libsdl1.2, libsdl2
In SDL_LoadWAV_RW in the audio/SDL_wave.c file, there is an issue of buffer over-reading for versions from 1.2.15 up to 2.x, and further up to 2.0.9...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: carl9170 – Do not perform a ping on a device that has failed to load its firmware. Syzkaller reports that crashes occur when attempting to perform a ping on a device that has failed to load its firmware. Since such devic...
Astra Linux - vulnerability in ffmpeg5
A flaw was discovered in FFmpeg. This vulnerability allows for unexpected additional CPU load and storage consumption, potentially leading to reduced performance or denial of service due to the demuxing of arbitrary data as XBIN-format data without proper format validation...
Astra Linux - vulnerability in libstb
stb_image is a single file MIT licensed library for processing images. If stbi__load_gif_main in stbi_load_gif_from_memory fails it returns a null pointer and may keep the z variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls stbi__vertical_flip_slices with th...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a NULL dereference bug. The issue arises when this function is called from ntfs_load_attr_list. The value of “size” is calculated as le32_to_cpu(attr->res.data_size). On 64-bit systems, this does not cause an overflow, but...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to period...
CVE-2026-7603 JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...
CLSA-2026-1777451880 babel: Fix of CVE-2021-42771
CVE-2021-42771: fix directory traversal in Locale.exists/load...
Exploit for Code Injection in Flowiseai Flowise
CVE-2025-59528 PoC ⚠️ For educational and authorized securit...
CVE-2026-43020
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK enc_size on load. Load Long Term Keys stores the user-provided enc_size and later uses it to size fixed-size stack operations when replying to LE LTK requests. An enc_size larger than the 16-byte key...
CVE-2026-31767
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the compression ratio in command mode. Bspec seems to be telling us to do this only in video mode, and...