CVE-2026-44049

A flaw was found in Netatalk. A remote attacker could exploit an out-of-bounds write vulnerability within the convertcharset function. This issue, caused by improper null termination, allows an attacker to write data beyond the allocated memory buffer. Successful exploitation could lead to...

CVE-2026-44071

A flaw was found in Netatalk. This issue arises because the software is compiled without FORTIFYSOURCE, a security feature that provides built-in buffer overflow detection at runtime. A remote attacker could exploit this by triggering memory errors that would otherwise be safely handled, leading ...

CVE-2026-44071

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFYSOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection...

CVE-2026-7836 hextoint macro uppercase bug

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

CVE-2026-44053 Weak cryptography in DHCAST128 UAM

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...

CVE-2026-44049

An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...

SUSE CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2026-9121

Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-20199

CVE-2026-20199 affects Cisco ThousandEyes Virtual Appliance. The issue stems from insufficient validation in SSL certificate handling, allowing an authenticated, remote attacker (with valid admin credentials) to upload a crafted certificate and execute arbitrary code as root on the underlying OS....

USN-8285-1: GStreamer Good Plugins vulnerability

It was discovered that GStreamer Good Plugins incorrectly handled certain MOV/MP4 media files. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

Astra Linux - уязвимость в node-brace-expansion

A vulnerability was discovered in the juliangruber brace-expansion library up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regular...

Astra Linux - уязвимость в chromium

The use of after free in Passwords in Google Chrome before version 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Before version 117.0.5938.62, SwiftShader in Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в openjdk-11

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1...

Astra Linux - уязвимость в mercurial

A vulnerability was discovered in Mercurial SCM 4.5.3/71.19.145.211. This vulnerability is considered problematic. It affects unknown code within the Web Interface component. Manipulating the cmd argument leads to cross-site scripting attacks. The attack can be initiated remotely. The exploit has...

Astra Linux - уязвимость в yaml-cpp

The SingleDocParser::HandleFlowSequence function in yaml-cpp also known as LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service resource consumption and application crash through a crafted YAML file...

Astra Linux - уязвимость в emacs

A command injection flaw was discovered in the text editor Emacs. This flaw could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirec...

Astra Linux - уязвимость в chromium

Integer overflow in the USB component of Google Chrome prior to version 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...