Advisory ROSA-SA-2026-3298

Software: wget 1.21.3 Operating System: ROSA-CHROME Unaffected versions: = wget-1.21.3-2 Affected versions: wget-1.21.3-2 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the userinfo URI of the GNU Wget download manager is related to insecure...

ROS-20260529-73-0013

The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise storage platforms relates to the disclosure of information during data transmission. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

ROS-20260529-73-0019

The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

CVE-2026-46077

A flaw was found in the Linux kernel's atmel-tdes cryptographic module. This vulnerability arises from an incorrect DMA Direct Memory Access synchronization direction, which can cause the system to process outdated data from the cache on non-coherent platforms. The primary consequence is the...

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

CVE-2026-40829

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

CVE-2026-40825 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

CVE-2026-40824 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06. The option parser allows an attacker to overwrite a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The greatest threat from this vulnerability is to data confidentiality and...

Astra Linux - уязвимость в grub2

A flaw was discovered in the HFS filesystem. When reading the name of an HFS volume during the grubfsmount function, the HFS filesystem driver uses the user-provided volume name as input without properly verifying the length of that name. This issue may lead to a heap-based out-of-bounds write...

Astra Linux - уязвимость в grub2

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory use-after-free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

CVE-2024-36343

CVE-2024-36343 describes improper input validation in the System Management Mode (SMM) communications buffer, enabling a privileged attacker to perform an out-of-bounds read or write in a limited portion of the Top of Memory Segment (TSEG) on AMD platforms. The issue can impact confidentiality an...

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

CVE-2026-0427

CVE-2026-0427 is tied to AMD GPU firmware: improper cleanup of shared register resources could allow an admin-privileged attacker in one Guest VM to access shared resources from another Guest VM. The vulnerability targets the GPU firmware’s handling of shared register space, enabling potential lo...

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

EUVD-2025-209878

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2025-54511

CVE-2025-54511 affects the AMD Secure Processor (ASP). The AMD bulletin and NVD entry state that improper handling of insufficient privileges could allow an attacker to provide an input value to a function without sufficient privileges and write data, potentially impacting integrity and availabil...