Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: ti-vpe: cal: Fixed a NULL pointer dereference in calctxv4l2initformats In calctxv4l2initformats, devmkzalloc is assigned to ctx-activefmt, and there is a dereference of it afterward. This could lead to a NULL pointer...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netdevsim: A trailing zero was added to terminate the string in nsimnexthopbucketactivitywrite. This issue was identified by a static analyzer. We should not forget the trailing zero after copyfromuser if we will perform further...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: Fixed a use-after-free bug in mlx4entryallocresources In mlx4entryallocresources, mlx4encopypriv is called, and tmp-txcq will be freed during the error path of mlx4encopypriv. After that, mlx4enallocresources is calle...

CodeChecker 安全漏洞

CodeChecker is an open-source analysis tool developed by Ericsson, which includes Clang Static Analyzer and Clang Tidy. It also provides a database of defects and extensions for viewers. Versions of CodeChecker prior to 6.27.3 contained security vulnerabilities. These vulnerabilities stemmed from...

PT-2026-34878

Name of the Vulnerable Software and Affected Versions CodeChecker versions prior to 6.27.4 Description An authentication bypass exists in CodeChecker, an analyzer tooling, defect database, and viewer extension for the Clang Static Analyzer and Clang Tidy. The issue occurs when the URL ends with...

Improper Security Checks For Unsafe Imports

Fickling is vulnerable to improper security checks for unsafe imports. The vulnerability is due to incomplete validation in the unsafeimports method of the static analyzer, which fails to flag certain high-risk Python modules, allowing an attacker to craft malicious pickle files that bypass safet...

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

CVE-2026-22609

Affected software/issue: Fickling (Python pickling decompiler/static analyzer) prior to v0.1.7. Root cause: unsafe_imports() in the static analyzer fails to flag several high-risk modules, allowing malicious pickles to bypass safety checks. Impact (as stated): potential arbitrary code execution v...

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in versions prior to Fickling 0.1.7 that stems from the static analyzer failing to flag high-risk modules, which could lead to bypassing security checks and executing arbitrary...

CVE-2025-1300

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...

PYSEC-2025-113

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...

PT-2025-51355

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, contained a bypass related to missing unsafe module imports. Specifically, the pty module was not included in the block list, leading to...

CVE-2025-40253

CVE-2025-40253 pertains to the Linux kernel (s390/ctcm) and describes a double free vulnerability. The issue occurs when mpc_rcvd_sweep_req(mpcginfo) frees the mpcginfo object, and ctcmpc_unpack_skb subsequently calls kfree on the same object, leading to a double-free condition. The documented fi...

PYSEC-2025-100

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldloggerlibrary, which is executed by the CodeChecker logcommand.This issue affects...

EUVD-2022-54972

Malicious code in bioql PyPI...

EUVD-2025-5562

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-49254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fix a NULL pointer dereference in calctxv4l2initformats In...

CVE-2025-1300

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...

CVE-2025-1300

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...

CVE-2025-1300 Open redirect in CodeChecker web server

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...