20914 matches found
CVE-2026-39999
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...
CVE-2026-49871
CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...
CVE-2026-47341
Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...
EUVD-2026-38015
Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...
EUVD-2026-38013
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...
GHSA-8C59-HR4W-QG69
creationtimestamp| type| source ---|---|--- 2026-06-19 11:11:26+00:00| seen| https://gist.github.com/alon710/f7dddc065a286d49734bb0de9451848c 2026-06-19 11:22:09+00:00| seen| https://gist.github.com/alon710/be9211ec3a305ce39ef3284bab7182dd 2026-06-19 11:46:12+00:00| seen|...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use accesswidth instead of bitwidth for system memory accesses To align with ACPI 6.3+, since bitwidth can be any 8-bit value, it cannot be relied upon to always be at a clean 8-bit boundary. This issue was discovered...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
In doProlog, within xmlparse.c of the Expat library also known as libexpat, there is an integer overflow issue related to mgroupSize before version 2.4.3...
Astra Linux – Vulnerability in Firefox and Thunderbird
Relative URLs that start with three slashes were incorrectly parsed. The “path-traversal” /../ part in the path could be used to override the specified host. This could lead to security issues in websites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: SMB3: Added missing locks to protect the deferred close file list. The cifsdeldeferredclose function has a critical section that modifies the deferred close file list. We must acquire the deferredlock before calling the...
Astra Linux – Vulnerability in Python 3.7, PHP 7.3
The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...
Astra Linux – Vulnerability in gdcm
There is an out-of-bounds write vulnerability in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to exploit this vulnerability...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...
Astra Linux – Vulnerability in Wireshark
An infinite loop in the BitTorrent DHT dissector in Wireshark versions 3.6.0, 3.4.0, and 3.4.10 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB before version 10.6.5 has a sqllex.cc integer overflow issue, which can lead to an application crash...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the renesasusb3remove function in drivers/usb/gadget/udc/renesasusb3.c...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3D. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains on the guest, making all the addition...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fixed NULL pointer dereferencing in ixgbexdpsetup The ixgbe driver currently causes a NULL pointer dereferencing with some machines online cpus ringfeatureRINGFFDIR.limit = count; This results in numqueues being set to 63...
Astra Linux – Vulnerability in PHP 7.3, PHP 8.1
Due to an incomplete fix for CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, network and same-site attackers can set an insecure cookie in the victim’s browser. This cookie is treated as a Host- or Secure-cookie by PHP applications...