15674 matches found
PT-2026-51243
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the doProlog function, specifically related to storeEntityValue and the entity textLen variable. An integer overflow is a condition where an arithmetic operation attemp...
CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability
The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...
CVE-2026-21768
CVE-2026-21768 affects the compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android. The vulnerability arises from improper validation of HTML input in the rich text editor, enabling execution of malicious content in certain scenarios. According to NVD, CVSSv3.1 base score is 6.3 (...
Astra Linux – Vulnerability in Zabbix
Setting the SMS media allows for setting the GSM modem file. This file is later used as a Linux device. But since everything is a file for Linux, it’s possible to set another file, such as a log file. In this case, Zabbixserver will attempt to communicate with it as a modem. As a result, the log...
Astra Linux – Vulnerability in Zabbix
Zabbix allows for the configuration of SMS notifications. AT command injection occurs on the “Zabbix Server” because there is no validation of the “Number” field either on the web interface or on the Zabbix server side. An attacker can send specially crafted phone numbers via SMS and execute...
Astra Linux – Vulnerability in twitter-bootstrap3
A security vulnerability has been discovered in Bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is related to the “data-loading-text” attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into this attribute,...
Astra Linux – Vulnerability in Firefox and Thunderbird
When segmenting specially crafted text, segmentation may corrupt memory, leading to a potentially exploitable crash. This vulnerability has been fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
Astra Linux – Vulnerability in Firefox
Under unusual circumstances, selecting text may cause text selection caching to behave incorrectly, resulting in a crash. This vulnerability affects Firefox versions less than 99...
Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src
A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QEMU-built-in VNC server during the processing of ClientCutText messages. A incorrect exit condition may lead to an infinite loop when inflating a zlib buffer controlled by an attacker in the inflatebuffer function. This could allow a remotely authenticated client, wh...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: x86/mm: Fixed the alignment assumption in pticlonepgtable. Guenter reported problematic crashes in an i386-nosmp build using GCC-11. These crashes occurred as endless traps until the entry stack was exhausted, followed by a DF...
Astra Linux – Vulnerability in musl
Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have a out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...
Astra Linux – Vulnerability in Parsec
The vulnerability of the typefromtext function in the PARSEC security subsystem is related to accessing beyond the global buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service failures...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Staging: iio: frequency: ad9832: fixed division by zero in ad9832calcfreqreg. In the ad9832writefrequency function, clkgetrate might return 0. This can lead to a division by zero when calling ad9832calcfreqreg. The check if fout...
Astra Linux – Vulnerability in Firefox and Thunderbird
When inserting text while in edit mode, some characters may cause out-of-bounds memory access, leading to potentially exploitable crashes. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Astra Linux – Vulnerability in Zabbix
Currently, the geomap configuration Administration - General - Geographical maps allows the use of HTML in the “Attribution text” field when the “Other” Tile provider is selected...
Astra Linux – Vulnerability in golang-golang-x-text
An attacker can cause a denial of service by creating an Accept-Language header that requires ParseAcceptLanguage to take significant time to process...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in Ceph versions prior to 16.y.z, where Ceph stores mgr module passwords in plain text. This can be identified by searching the mgr logs using Grafana and the dashboard, as the passwords are visible...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: kprobes: Fixed a possible use-after-free issue during kprobe registration. When unloading a module, its state changes from MODULESTATELIVE to MODULESTATEGOING, and then to MODULESTATEUNFORMED. Each of these changes takes some...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fixed bpfarchtextpoke when newaddr == NULL again. The commit 7ded842b356d "s390/bpf: Fixed bpfplt pointer arithmetic" accidentally removed the critical portion of the commit c730fce7c70c "s390/bpf: Fixed bpfarchtextpoke...