Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet: The cqe.result field must always be initialized. The specification does not require that the first two double-word fields also known as “results” for a command queue entry need to be set to 0 when they are not used this is...

Astra Linux - уязвимость в glibc

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library’s DNS backend can lead to a situation where a zero-valued network is queried during operations in the GNU C Library versions 2.0 to 2.42. This could result in the leakage of stack contents to the...

EUVD-2025-9301

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

gd: Information disclosure in gdImageCreateFromXbm()

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

Binary loopholes-the evil of the printf-bug warning-the black bar safety net

This article is binary vulnerabilities related series of articles. printf some of the lesser-known characteristics, for coding convenience, but also introduces security problems. This paper focus on the description of printf in the exploits of some of the usage, in the normal programming is not...

Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Timbuktu %q This...