11902 matches found
Astra Linux - уязвимость в libstb
stbvorbis is a single-file MIT licensed library for processing OGG Vorbis files. A maliciously crafted file may trigger an out-of-bounds write vulnerability in the line f-vendorlen = char'\0';. The root cause of this issue is that if len read from startdecoder is -1, then len + 1 becomes 0 when...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: memblock: The memory allocated before it is used in memblockdoublearray should be accepted. When increasing the array size in memblockdoublearray, if the slab is not yet available, a call to memblockfindinrange is used to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevents infinite recursion. If the buf + offset is not aligned to XECAHELINEBYTES, we fall back to using a bounce buffer. However, the bounce buffer is allocated on the stack, and the only alignment requirement...
Astra Linux - уязвимость в glibc
The Name Service Cache Daemon’s nscd netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process due to a memory allocation failure, resulting in a denial of service for clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Networking: dsa: felix: fixed the possible dereferencing of a NULL pointer. As a possible failure during allocation, kzalloc may return a NULL pointer. Therefore, it is better to check for the value of 'sgi' to prevent the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: Fixed a potential NULL dereferencing on a kmalloc failure. Avoid potential NULL pointer dereferences by checking the return value of kmalloc and properly handling allocation failures...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: udptunnel: Use netdevwarn instead of netdevWARN. netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister failing due to a memory allocation failure e.g., kzalloc o...
Astra Linux - уязвимость в linux-5.10
A issue was discovered in the Linux kernel through version 5.16-rc6. The lkdtmARRAYBOUNDS function in drivers/misc/lkdtm/bugs.c lacks a check for the return value of kmalloc, which can lead to a null pointer derefrence...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fixed an overflow issue when dealing with long HMAC keys. When a key that is longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: There is an issue with the correct reference to the devm device for the hidinput inputdevice name. The reference should be made to the HID device, not the input device, when allocating the inputdev name. Referring t...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nfs: Handling of failures in nfsgetlockcontext during unlock path When memory is insufficient, the allocation of nfslockcontext in nfsgetlockcontext fails and returns -ENOMEM. If we mistakenly treat an nfs4unlockdata structure...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add a NULL check in wledconfigure. The devmkasprintf function returns NULL when memory allocation fails. Currently, wledconfigure does not check for this case, resulting in a NULL pointer being dereferenced. Ad...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fbaddvideomode to prevent nullptrderef. The fbaddvideomode function may fail with -ENOMEM if its internal kmalloc function cannot allocate a struct fbmodelist. In such cases, the modelist remains empty, but th...
Astra Linux - уязвимость в sqlite3
In SQLite 3.49.0 before 3.49.1, certain argument values passed to sqlite3dbconfig in the C-language API can cause a denial of service application crash. A sznBig multiplication is not cast to a 64-bit integer, which can lead to incorrect memory allocations...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Added a check for memory allocation. allocpbl can return an error when memory allocation fails. The driver does not check the status in some instances...
PT-2026-42181
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021580)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021580 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUGON on ENOMEM from btrfslookupextentinfo in walkdownproc We handle errors here...
Progress Software MOVEit 安全漏洞
Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.11, as well as versions from 2025.1.0 to 2025.1.7, contained security vulnerabilities. These vulnerabilities wer...
gimp: GIMP: Remote Code Execution via ANI File Parsing Integer Overflow
A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...
CVE-2025-57798
CVE-2025-57798 affects Joplin