OPENSUSE-SU-2026:20842-1 Security update for openjpeg2

This update for openjpeg2 fixes the following issue - CVE-2025-54874: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of- bounds heap memory write bsc1247650...

SUSE-SU-2026:21995-1 Security update for openjpeg2

This update for openjpeg2 fixes the following issue - CVE-2025-54874: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of- bounds heap memory write bsc1247650...

krb5 security and bug fix update

An update is available for krb5. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect path comparison in ocrdmacopypduresp. This comparison involves dereferencing an...

JLSEC-2026-547

A flaw was found in the opj2decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and...

ALPINE-CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

Astra Linux - уязвимость в krb5

The file “lib/kadm5/kadmrpcxdr.c” in MIT Kerberos 5 also known as krb5 before versions 1.20.2 and 1.21.x before version 1.21.1 exposes an uninitialized pointer. A remotely authenticated user can cause a Kadmind crash. This occurs because the function xdrkadm5principalentrec does not validate the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed an issue where an uninitialized pointer was freed during the readalloconename function. The readalloconename function does not initialize the name field of the passed fscryptstr structure if kmalloc fails to allocate...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: um: line: always fill errorout in setuponeline The pointer is not initialized by the callers, but I’ve encountered cases where it is still printed; initialize it in all possible cases within setuponeline...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btmtksdio: Fixed a kernel oops in btmtksdiointerrupt. Fixed the following kernel oops in btmtksdiointerrrupt: 14.339134 btmtksdiointerrupt+0x28/0x54 14.339139 processsdiopendingirqs+0x68/0x1a0 14.339144...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: A crash occurred due to dereferencing an uninitialized pointer. Since commit 7d5e9737efda “net: rfkill: gpio: get the name and type from device property”, the rfkillfindtype function is called with the possibly...

Astra Linux - уязвимость в xorg-server, xwayland

A flaw related to accessing an uninitialized pointer was discovered in X.Org and Xwayland. The compCheckRedirect function may fail if it cannot allocate the backing pixmap. In such cases, compRedirectWindow will return a BadAlloc error without validating the window tree just before processing; as...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called headpage in the function rbmetavalidateevents. This pointer is not initialized at the beginning of the function. This pointer...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the issue where the “vf” variable might be used without initialization in this function. To address the regression introduced by commit 52424f974bc5, which causes servers to hang under very difficult-to-reproduce...

Astra Linux - уязвимость в inkscape

Inkscape version 0.91 has a vulnerability where an uninitialized pointer exists, which may allow an attacker to access unauthorized information...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: pNFS: Fixed an issue where uninitialized pointers were dereferenced. The error occurs during the third attempt to encode extents. When the function exttreepreparecommit reallocates a larger buffer to retry encoding extents, th...

Siemens Solid Edge Multiple File Parsing Vulnerabilities (SSA-921111)

The version of Siemens Solid Edge installed on the remote Windows host is SE2026 prior to V226.0 Update 5. It is, therefore, affected by multiple file parsing vulnerabilities: - The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An...

EUVD-2026-29435

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current...

CVE-2026-44411

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current...