Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: think-lmi: Fixed reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned, and that reference needs to be disposed of using kobjectput. The validation of the...

Linux Distros Unpatched Vulnerability : CVE-2026-42477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers...

DEBIAN-CVE-2026-42477

A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because...

CVE-2026-42477

A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because...

CVE-2026-42477

The CVE describes a heap-based out-of-bounds read in Open CASCADE Technology (OCCT) v8_0_0_rc5 within the OBJ file parser. The vulnerability affects RWObj_Reader::read, caused by Standard_ReadLineBuffer::ReadLine() returning a 1-byte buffer for minimal OBJ lines and RWObj_Reader::read() calling p...

CVE-2026-33084 DataEase has SQL Injection through its getFieldEnumObj Endpoint

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

EUVD-2026-21378

A heap buffer overflow vulnerability exists in the Netwide Assembler NASM due to a lack of bounds checking in the objdirective function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service crash, and...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to insufficient bounds checking in the objdirective function. An attacker can cause heap memory corruption, application crash, or execute arbitrary code by submitting a specially crafted .asm file...

CVE-2026-6067

A heap buffer overflow vulnerability exists in the Netwide Assembler NASM due to a lack of bounds checking in the objdirective function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service crash, and...

CVE-2026-6067

A heap buffer overflow vulnerability exists in the Netwide Assembler NASM due to a lack of bounds checking in the objdirective function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service crash, and...

UBUNTU-CVE-2026-6067

A heap buffer overflow vulnerability exists in the Netwide Assembler NASM due to a lack of bounds checking in the objdirective function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service crash, and...

CVE-2026-6067

The CVE-2026-6067 entry concerns the Netwide Assembler (NASM). A heap buffer overflow is caused by insufficient bounds checking in the obj_directive() function. An attacker could exploit this by assembling a malicious .asm file, leading to heap memory corruption, crash (DoS), or arbitrary code ex...

NASM 安全漏洞

NASM is a cross-platform assembler tool open source from The Netwide Assembler. NASM has a security vulnerability, which stems from the absence of boundary checks in the objdirective function. This vulnerability could lead to heap buffer overflows, denial of service, and the execution of arbitrar...

PT-2026-31917

A heap buffer overflow vulnerability exists in the Netwide Assembler NASM due to a lack of bounds checking in the obj directive function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service crash, and...

OSV-2026-371 Heap-buffer-overflow in tinyobj::tryParseDouble

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=490598877 Crash type: Heap-buffer-overflow READ 1 Crash state: tinyobj::tryParseDouble tinyobj::LoadObjInternal tinyobj::LoadObj...

Fickling: OBJ opcode call invisibility bypasses all safety checks

Assessment The interpreter so it behaves closer to CPython when dealing with OBJ, NEWOBJ, and NEWOBJEX opcodes https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a. Original report Summary All 5 of fickling's safety interfaces -- islikelysafe, checksafety, CLI...

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()

A null pointer dereference exists in the linux kernel such that in objstockflushrequired:stock-cachedobjcg can be reset between the check and dereference, resulting in damage to the availability of the system...

CVE-2021-41539

A vulnerability has been identified in Solid Edge SE2021 All versions SE2021MP8. The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process ZDI-CAN-13773...

CVE-2021-41540

A vulnerability has been identified in Solid Edge SE2021 All versions SE2021MP8. The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process ZDI-CAN-13776...