GNU LibreDWG 安全漏洞

GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A security vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a reachable assertion in the decompressR2004section function of the src/decode.c file in the Dwgread Utili...

SourceCodester Student Grades Management System 安全漏洞

SourceCodester Student Grades Management System is a SourceCodester open source student grades management system. A security vulnerability exists in SourceCodester Student Grades Management System version 1.0, which originates from an unknown section and could lead to cross-site request forgery. ...

Possible cache poisoning via promiscuous records for the authority section

...

CVE-2026-42959

A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

CVE-2026-42960

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

EUVD-2026-31083

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

CVE-2026-42960

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

Astra Linux - уязвимость в binutils

A heap-based buffer overflow issue was discovered in the secmergehashlookup function in merge.c within the Binary File Descriptor BFD library also known as libbfd, as part of the GNU Binutils 2.31. This issue arises due to bfdaddmergesection improperly handling section merges when the size is not...

Astra Linux - уязвимость в binutils

A issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in the processmipsspecific function in readelf.c, due to a malformed MIPS option section...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fixing the lock issue related to the gtk offload status event. The ath11k active PDevs are protected by RCUs. However, the code that handles the gtk offload status event and calls ath11kmacgetarvifbyvdevid was not...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: zone: Fix was made to avoid inconsistencies between SIT and SSA. With the above testcase, inconsistencies may occur between SIT and SSA. Example code: createnullblk 512 2 1024 1024 mkfs.f2fs -m /dev/nullb0 mount /dev/nullb0...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in the .notes section. When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the “startupxen” entry point. This information is used before booting...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: modpost: fixed an issue where the comparison in isexecutablesection was off by one. The comparison should be set to = to prevent out-of-bounds array access...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: s390/entry: Marked IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interrupt context as an uninteresting or irrelevant part of the stack traces. This helps with stack trace...

Astra Linux - уязвимость в binutils

Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the displaydebugsection function in the readelf.c file...

Astra Linux - уязвимость в tiff

A heap buffer overflow in the ExtractImageSection function within the tiffcrop.c file in the libtiff library version 4.3.0 allows attackers to trigger unsafe or out-of-bounds memory access through a crafted TIFF image file. This could lead to application crashes, potential information disclosure,...

Astra Linux - уязвимость в ntfs-3g

In NTFS-3G versions before version 2021.8.22, when a specially crafted MFT section is provided in an NTFS image, a heap buffer overflow may occur, allowing code execution...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The commit 5ec8e8ea8b77 “mm/sparsemem: fix race in accessing memorysection-usage” changed pfnsectionvalid to include a READONCE call around “ms-usage” to address a race condition with sectiondeactivate. In this case, ms-usage can...

Astra Linux - уязвимость в binutils

A vulnerability classified as problematic was discovered in GNU Binutils 2.45. The function copysection in the file binutils/objcopy.c is affected by this vulnerability. Manipulation of this function leads to a heap-based buffer overflow. Local attacks are required to exploit this vulnerability...