Lucene search
K

7743 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Corrected the incorrect validation of the next buffer length in smb2setea. There are multiple smb2eainfo buffers in the FILEFULLEAINFORMATION request from the client. ksmbd uses the NextEntryOffset of the current...

5.5CVSS6AI score0.00224EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Samba

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module “aclxattr” is configured with “aclxattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only...

6.5CVSS6.7AI score0.01174EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the JFS filesystem code within the Linux kernel, which allows a local attacker to cause the system to panic by enabling the ability to set extended attributes. This can lead to memory corruption or an escalation of privileges. The most significant threat posed by this...

7.8CVSS6.6AI score0.00788EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

On Ubuntu kernels that carry both c914c0e27eb0 and “UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs. xattrs”, a non-privileged user may set privileged extended attributes on mounted files, causing those attributes to be applied to the upper files without the appropriate...

7.8CVSS7AI score0.15783EPSS
Exploits12References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: capabilities: Fixed a potential memory leak on the error path from vfsgetxattralloc. In capinodegetsecurity, we will use vfsgetxattralloc to complete the memory allocation of tmpbuf. If we have completed the memory allocation of...

5.5CVSS6.1AI score0.00186EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netlink: prevents potential Spectre v1 exploits Most netlink attributes are parsed and validated via nlavalidateparse or validatenla. c u16 type = nlatypenla; if type == 0 || type maxtype / Error or continue / The @type value is...

7.8CVSS6.1AI score0.00199EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A out-of-bounds read vulnerability was discovered in the SR-IPv6 implementation within the Linux kernel. The flaw arises from the processing of seg6 attributes. The issue stems from the improper validation of user-provided data, which can lead to reading data beyond the bounds of an allocated...

4.4CVSS6.4AI score0.00353EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Do not overflow the lpageinfo array when checking attributes The issue was fixed by preventing KVMSETMEMORYATTRIBUTES from overflowing the lpageinfo array and triggering KASAN errors, as observed in the...

5.5CVSS6.2AI score0.00227EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Golang-1.19

Templates that contain actions within unquoted HTML attributes e.g., “attr=.” and are executed with an empty input can lead to unexpected outputs when parsed due to HTML normalization rules. This may allow for the injection of arbitrary attributes into tags...

7.3CVSS6.8AI score0.01037EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Samba

A vulnerability was discovered in Samba. A delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object’s creation. This issue arises because the administrator...

7.5CVSS6.7AI score0.00484EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A use-after-free vulnerability was discovered in the Linux kernel’s ext4 file system, particularly regarding the handling of the additional inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...

6.7CVSS6.7AI score0.00245EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: dcb: The correct policy must be chosen to parse DCBATTRBCN. The function dcbnlbcnsetcfg uses an incorrect policy to parse tbDCBATTRBCN. This issue was introduced in commit 859ee3c43812 “DCB: Add support for DCB BCN”. Please...

5.5CVSS5.9AI score0.00161EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a overflow check for attribute size. The offset addition could cause an overflow, potentially passing the used size check when parsing MFT attributes with very large sizes e.g., 0xffffff7f. This could lead to...

6.8AI score0.00217EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: netlink: Allow NULL nlattrs when getting a phydevice The ethnlreqgetPhyDev function is used to look up a phyDevice, in cases where an ethtool netlink command targets a specific phyDevice within a netDevice’s topolog...

5.5CVSS6.2AI score0.0019EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in node-json-schema

JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...

9.8CVSS6.8AI score0.03563EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Thunderbird, Firefox, NSS

An attacker could create a PKCS 12 certificate bundle in a way that allows arbitrary memory writes through the mishandled Safe Bag attributes of PKCS 12. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS7AI score0.00817EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-51122

Name of the Vulnerable Software and Affected Versions Symfony UX Icons affected versions not specified Description The ux icon Twig function is marked as safe for HTML, which prevents Twig from escaping its output. The Icon::toHtml function inlines SVG source code directly into the page. Because...

6.1CVSS5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/18 2:27 p.m.5 views

GHSA-CMWH-PVXP-8882 DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)

Summary DOMPurify 3.4.7 shipped a security fix "permanent hook pollution" that makes a registered uponSanitizeAttribute hook's mutation of data.allowedAttributes non-persistent — so allowing an attribute for one element does not leak into later sanitize calls. The fix clones ALLOWEDATTR inside...

5.1CVSS5.6AI score
Exploits0References2
CVE
CVE
added 2026/06/18 6:50 a.m.27 views

CVE-2026-12136

CVE-2026-12136 affects the WordPress plugin “Customize My Account for WooCommerce” up to version 4.3.6. The root cause is insufficient input sanitization and output escaping on shortcode attributes (min_height, min_width, max_height, max_width) used by sysbasics_user_avatar, which are concatenate...

6.4CVSS5.6AI score0.00193EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens RUGGEDCOM RST2428P Cross-site Scripting (CVE-2025-66412)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

8.5CVSS6.8AI score0.00377EPSS
Exploits1References4
Rows per page
Query Builder