
252329 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in glibc

There exists an exploitable signed comparison vulnerability in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attack...

8.1 CVSS | 7.6 AI score | 0.05223 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises because the XkbCopyNames function left a dangling pointer pointing to freed memory, allowing for out-of-bounds memory access during subsequent XkbGetKbdByName requests. This issue can lead to local privilege escalation on systems...

7.8 CVSS | 7.7 AI score | 0.00958 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in xorg-server

A flaw related to out-of-bounds memory access was discovered in the X.Org server. This issue can occur when a device that has been frozen by a sync operation is reattached to a different master device. This issue may result in an application crashing, local privilege escalation if the server runs...

7.8 CVSS | 7.3 AI score | 0.01229 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths greater than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local...

8.8 CVSS | 7.7 AI score | 0.02484 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in xorg-server

A flaw was discovered in xorg-server. Changing the actions of XKB buttons, such as moving between the touchpad and the mouse, can lead to out-of-bounds memory reads and writes. This may allow for local privilege escalation or potential remote code execution, especially in cases where X11 forwardi...

7.8 CVSS | 7 AI score | 0.01587 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege escalation on systems where the X server is running with...

8.8 CVSS | 7.7 AI score | 0.02516 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in chromium, ffmpeg5

In FFmpeg and Google Chrome, prior to version 108.0.5359.71, uninitialized use allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 7.7 AI score | 0.01252 EPSS
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution. This issue has been fixed in versions 7.4.2, 7.2.7, and 6.2.17. An additional...

9.8 CVSS | 7.2 AI score | 0.07802 EPSS
Exploits: 2 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in vim

A use-after-free issue exists in the appendcommand function in the GitHub repository vim/vim prior to version 8.2.4895. This vulnerability can cause software to crash, as it involves bypassing the protection mechanism, modifying memory, and potentially enabling remote execution...

7.8 CVSS | 7.2 AI score | 0.02615 EPSS
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux - vulnerability in vim

A heap-based buffer overflow vulnerability exists in the cmdlineerasechars function in the GitHub repository of vim/vim, prior to version 8.2.4899. This vulnerability can cause software to crash, modify memory, and may lead to remote execution...

7.8 CVSS | 7.2 AI score | 0.02452 EPSS
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 11 views

Astra Linux - vulnerability in python2.7

In Python 3.x through 3.9.1, there is a buffer overflow issue in the PyCArgrepr function within ctypes/callproc.c. This issue may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input. This was demonstrated by the use of the argument...

9.8 CVSS | 7.7 AI score | 0.23293 EPSS
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in golang-1.15

Versions of Go before 1.14.14 and 1.15.x before 1.15.7 on Windows are vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that utilize cgo (for example, cgo can execute a GCC program from an untrusted source)...

7.5 CVSS | 7.8 AI score | 0.06497 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in git

Git is an open-source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits comman...

8.8 CVSS | 7.8 AI score | 0.02938 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in bind9

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration that uses BIND’s default settings, the vulnerable code path is not exposed. However, a server can become vulnerable by explicitly setting valid values for the...

8.1 CVSS | 7.4 AI score | 0.64161 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in gst-plugins-bad1.0

GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors...

8.8 CVSS | 7.7 AI score | 0.01559 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

A use-after-free vulnerability was discovered in the drivers/nvme/target/tcp.c file, specifically in the nvmettcpfreecrypto function. This issue stems from a logical error in the NVMe/TCP subsystem of the Linux kernel. This vulnerability may allow a malicious user to exploit the situation,...

8.8 CVSS | 7.3 AI score | 0.09141 EPSS
Exploits: 2 | References: 2

OSV
added 2026/05/20 5:46 a.m. | 6 views

MAL-2026-4661 Malicious code in react-tracked-tony (npm)

Source: amazon-inspector (eeb24dfdd4a970dc44c017056c2a39bed6aa5973a7ec7e94b20c70d90114726c). react-tracked-tony impersonates the popular react-tracked package: package.json sets name: react-tracked-tony, author: Daishi Kato, and homepage:...

5.9 AI score
Exploits: 0 | References: 2

OSV
added 2026/05/20 5:2 a.m. | 8 views

MAL-2026-4560 Malicious code in fca-official-uzair-rajput (npm)

Source: amazon-inspector (83c96ed99bb1a48e80228ec0ca012c1dbb7817fe1dbbd492fcb3d2927805f29e). fca-official-uzair-rajput is a Facebook chat API library whose only documented entry point, login, invokes an auto-update routine on every call when...

6.3 AI score
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/05/20 4:53 a.m. | 7 views

Malicious code in security-env-loader (npm)

Source: amazon-inspector (cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c). Package impersonates the popular dotenv library (identical description and repo URL git://github.com/motdotla/dotenv.git) and exposes a matching config...

5.7 AI score
Exploits: 0 | References: 2

OSV
added 2026/05/20 4:53 a.m. | 6 views

MAL-2026-4665 Malicious code in security-env-loader (npm)

Source: amazon-inspector (cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c). Package impersonates the popular dotenv library (identical description and repo URL git://github.com/motdotla/dotenv.git) and exposes a matching config...

5.7 AI score
Exploits: 0 | References: 2