6909 matches found
keycloak: Keycloak: Denial of Service via specially crafted SAML input
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...
Astra Linux - уязвимость в elfutils
The libcpu component, which is used by libasm of elftools version 0.177 git 47780c9e, suffers from denial-of-service vulnerabilities caused by application crashes due to out-of-bounds write CWE-787, off-by-one errors CWE-193, and reachable assertions CWE-617. To exploit these vulnerabilities,...
Astra Linux - уязвимость в bind9
In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of the Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record that...
Astra Linux - уязвимость в libstb
stbimage.h also known as the stb image loader, version 2.23, as used in libsixel and other products, has an assertion failure in stbishiftsigned...
Astra Linux - уязвимость в redis
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this issue was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have any safety guarantees related to...
Astra Linux - уязвимость в avahi
A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahirdataparse function...
Astra Linux - уязвимость в bind9
In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions of BIND 9 Supported Preview Edition such as 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1, as well as the release version 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a...
Astra Linux - уязвимость в tinyxml
In the TiXmlDeclaration::Parse method in tinyxmlparser.cpp within TinyXML, up to version 2.6.2, there is a potentially exploitable assertion which can lead to application exit. This issue occurs when a malicious XML document is used, where a null character \0 is placed after a whitespace...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89: sar: The assertion droplockdep in rtw89setsarfromacpi was removed. This assertion is triggered during the startup of the rtw89 driver. It seems meaningless to hold wiphy lock at the early initialization stage;...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: jbd2: The assertion “jh-bfrozendata == NULL” failure when the journal aborts has been fixed. The following process will successfully handle the assertion “jh-bfrozendata == NULL” in jbd2journaldirtymetadata:...
Astra Linux - уязвимость в unbound
Unbound before version 1.9.5 allows assertion failures and denial of service in dnamepktcopy due to an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the race condition between balance operations and cancel/pause requests. Syzbot reported a panic that appears as follows: Assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:4...
Astra Linux - уязвимость в liblivemedia
In liveMedia/FramedSource.cpp within Live555, up to version 1.08, an assertion failure can occur, leading to an application exit through multiple SETUP and PLAY commands...
Astra Linux - уязвимость в openldap
In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...
PT-2026-42189
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...
PT-2026-42374
DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...
ISC BIND 9 输入验证错误漏洞
ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a vulnerability related to input validation errors. This vulnerability stems from defects in handling non-Internet-related DNS messages, which may lead to assertion failures. The following versions are...
ISC BIND 9.11.0 < 9.18.49 / 9.11.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Assertion Failure (cve-2026-5946)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5946 advisory. - Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN for...
python-markdown: denial of service via malformed HTML-like sequences
A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...
CVE-2026-23557
Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...