Astra Linux – Vulnerability in Intel Microcode

An uncaught exception occurred in the core management mechanism for some IntelR processors. This may allow an authenticated user to potentially enable denial of service through local access...

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba’s DNS server. A authenticated user could exploit this flaw to cause damage to the RPC server. This RPC server, which also supports protocols other than dnsserver, will be restarted after a short delay. However, it is easy for an authenticated, non-administrative...

Astra Linux – Vulnerability in Intel Microcode

Observable timing discrepancies in some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in the ‘deref’ plugin of 389-ds-base, where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

Astra Linux – Vulnerability in Intel Microcode

A domain-bypass transient execution vulnerability in some Intel AtomR processors may allow an authenticated user to potentially enable information disclosure through local access...

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. In versions prior to 8.0.3, as well as in 7.4.5, 7.2.10, and 6.2.19, an authenticated user could use a specially crafted string to trigger an out-of-bounds write operation on the hyperloglog data structure, potentially leadin...

Astra Linux – Vulnerability in Intel Microcode

The sequence of processor instructions may lead to unexpected behavior on some Intel processors. This could potentially allow an authenticated user to enable privilege escalation, information disclosure, or denial of service through local access...

Astra Linux – Vulnerability in xorg-server

A use-after-free vulnerability was discovered in the ProcRenderAddGlyphs function of Xorg servers. This issue arises when the AllocateGlyph function is called to store new glyphs sent by the client to the X server. As a result, multiple entries may point to the same non-refcounted glyphs...

Astra Linux – Vulnerability in Intel Microcode

The exposure of sensitive information due to shared microarchitectural predictor states, which affect transient execution for some IntelR Core™ processors 10th generation, may allow an authenticated user to potentially disclose information through local access...

Astra Linux – Vulnerability in curl

A poorly protected credentials vulnerability exists in curl 4.9, and versions including curl 7.82.0 are also affected. This vulnerability could allow attackers to extract credentials when using HTTPS redirections with authentication. As a result, credentials may be leaked to other services that...

Astra Linux – Vulnerability in Intel Microcode

Hardware logic in some Intel processors may contain race conditions, which could allow an authenticated user to potentially enable partial information disclosure through local access...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Starting from version 7.0.8 and before version 7.0.10, authenticated users could use the MSETNX command to trigger a runtime assertion and terminate the Redis server process. This issue was fixed in Redis version 7.0.10...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: Do not modify the data when using authenticated encryption. It was stated that authenticated encryption could produce invalid tags when the data being encrypted was modified 1. Therefore, this issue can be addressed by...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users who issue specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, leading to a runtime assertion and termination of the Redis server process. This issue affects all Redis...

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

rConfig 3.9.4 - Cross-Site Scripting

The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in deviceId GET parameter of devicemgmnt.php resulting in...

CVE-2026-56138

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

CVE-2026-56138

CVE-2026-56138 affects the AIL framework. A path traversal vulnerability exists in the /objects/item/diff endpoint, where an authenticated user can supply item identifiers via the s1 and s2 query parameters. Before the fix, the service could read gzip-compressed files accessible to the AIL proces...

CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...