Astra Linux - уязвимость в unbound

The DNS protocol in RFC 1035 and its updates allows remote attackers to cause a denial of service resource consumption by arranging for DNS queries to be accumulated over seconds. As a result, responses are sent in a pulsing burst, which can be considered traffic amplification in some cases. This...

Astra Linux - уязвимость в pgpool2

In Pgpool-II, there is a risk of exposing sensitive information due to incompatible policy issues. If a database user accesses the query cache, unauthorized table data may be retrieved for that user...

Astra Linux - уязвимость в mariadb-10.3

It has been discovered that MariaDB Server v10.6.5 and earlier contain a use-after-free in the Itemargs::walkarg component, which can be exploited through specially crafted SQL statements...

Astra Linux - уязвимость в ntp

In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability when copying the trailing number. An attacker may be able to exploit this vulnerability against a client’s NTPQ process, but they cannot exploit it against ntpd...

Astra Linux - уязвимость в uriparser

A issue was discovered in uriparser through 0.9.7. The ComposeQueryEngine in UriQuery.c has an integer overflow due to long keys or values, resulting in a buffer overflow...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed the OOB write issue in QUERYINFO for compound requests. When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd might write beyond...

Astra Linux - уязвимость в sqlite3

In SQLite before version 3.32.3, select.c improperly handled the query-flattener optimization, resulting in a multiSelectOrderBy heap overflow due to the misuse of transitive properties for constant propagation...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the handling of the SMB2TREECONNECT and SMB2QUERYINFO commands. The issue arises from the lack of proper validation of a pointer before accessing it. An...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed an out-of-bounds write issue in smb2getea when performing EA alignment. smb2getea applies a 4-byte alignment padding using memset after writing each EA entry. The bounds check on buffreelen is performed before the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in acioctl This vulnerability was discovered by Atuin – an automated vulnerability discovery engine. In acioctl, the validation of IndexCard and the check for a valid RamIO pointer are...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: procfs: Fixed a possible double mmput operation in doprocmapquery. When a user provides a buffer of incorrect size for the PROCMAPQUERY build ID, we return an -ENAMETOOLONG error. After recent changes, this condition occurs later...

Astra Linux - уязвимость в zabbix

There is a vulnerability related to arbitrary file reading in the Zabbix Web Service Report Generation module, which listens on port 10053. The service does not perform proper validation on URL parameters before reading the files...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: The backing store type is set based on the query type. The bnxthwrmfuncbackingstoreqcapsv2 function stores resp-type from the firmware response in ctxm-type, and then uses that value to index fixed backing-store metadata...

Astra Linux - уязвимость в python-django

A issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are vulnerable to SQL injection if untrusted data is used as a kind/lookupname value. Applications that restrict the choice of lookup names and kinds to a known safe list are not...

Astra Linux - уязвимость в sqlite3

A flaw was discovered in SQLite’s SELECT query functionality src/select.c. This flaw allows an attacker who is capable of executing SQL queries locally on the SQLite database to cause a denial of service or potentially lead to code execution by triggering a use-after-free. The most significant...

Astra Linux - уязвимость в ruby-rack

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parsed query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters. This allowed attackers to send requests...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ACPI: EC – Fixed an oops error when removing custom query handlers When removing custom query handlers, the handler may still be used within the EC query workqueue. This could lead to a kernel oops if the module that holds the...

Astra Linux - уязвимость в python-django

A issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. The QuerySet.annotate, aggregate, and extra methods are vulnerable to SQL injection when column aliases are used, through a crafted dictionary with dictionary expansion as part of the kwargs parameters...

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

EUVD-2026-31046

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...