Astra Linux – Vulnerability in libstb

stbimage is a single-file library licensed under MIT that is used for processing images. The stbigetn function reads a specified number of bytes from the context usually a file into the specified buffer. If the file stream points to the end of the file, it returns zero. There are two places where...

EulerOS 2.0 SP11 : gdk-pixbuf2 (EulerOS-SA-2026-2203)

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper...

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

Astra Linux - уязвимость в chromium

Insufficient data validation in the loader component of Google Chrome prior to version 96.0.4664.93 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux - уязвимость в u-boot

In Das U-Boot through 2022.07-rc5, an integer signedness error and resulting stack-based buffer overflow occur in the “i2c md” command, which allows for the corruption of the return address pointer of the doi2cmd function...

Apache OpenNLP 安全漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. Versions of Apache OpenNLP prior to 2.5.9 and 3.0.0-M3 contained security vulnerabilities. These vulnerabilities stemmed from the ExtensionLoader.instantiateExtension method, which loaded and initialized...

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

CVE-2026-5313

A flaw was found in Nothings stb. A remote attacker can exploit a vulnerability in the stbigifloadnext function within the GIF Decoder component of the stbimage.h library. This manipulation can lead to a denial of service DoS, making the affected system or application unavailable. The exploit for...

Linux Distros Unpatched Vulnerability : CVE-2026-5201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color...

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

CVE-2026-4887 Gimp: gimp:memory disclosure and denial of service via specially crafted pcx image

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

Linux Distros Unpatched Vulnerability : CVE-2016-4972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient...

SUSE CVE-2025-4664

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

PT-2024-37073 · Simofa · Simofa

Name of the Vulnerable Software and Affected Versions: Simofa versions prior to 0.2.7 Description: Simofa is a tool to help automate static website building and deployment. Due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require...

The vulnerability of TP-Link Archer C7 Wi-Fi routers’ microprogramming software lies in the absence of authentication for a critical function, allowing attackers to gain unauthorized access to protected information.

The vulnerability of TP-Link Archer C7 Wi-Fi routers’ microprogramming software is related to the absence of authentication for a critical function during the loading of the l00.xml page. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...

The vulnerability of the file loading function of the distributed file system sjqzhang go-fastdfs allows a attacker to write any files and execute any commands.

The vulnerability of the file loading function in the distributed file system sjqzhang go-fastdfs is related to deficiencies in path checking for restricted-access directories. Exploiting this vulnerability allows an attacker to write arbitrary files and execute arbitrary commands remotely...

SUSE CVE-2003-0127

The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel...

SUSE CVE-2011-0706

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."...