8366 matches found
Astra Linux - vulnerability in rails
An XSS vulnerability exists in the Action View tag helpers versions 5.2.0 and below, which would allow an attacker to inject content if they can control the input into specific attributes...
Astra Linux - vulnerability in ntfs-3g
A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-sysman: Fixed reference leak issue. If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned. This means that we need to handle this situation appropriately. In such cases,...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: vdpa: Added a queue index attr to the vdpanlpolicy structure for checking nlattr lengths. The vdpanlpolicy structure is used to validate the nlattr during the parsing of incoming nlmsg messages. It ensures that the described...
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible Engine, affecting versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, and 2.9.x before 2.9.7. It also affects Ansible Tower in versions 3.4.5 and 3.5.5, as well as 3.6.3, when the ldapattr and ldapentry community modules are used. This issue exposes the LDAP bind...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a NULL dereference bug. The issue arises when this function is called from ntfsloadattrlist. The value of “size” is calculated as le32tocpuattr-res.datasize. On 64-bit systems, this does not cause an overflow, but...
Astra Linux - vulnerability in wireshark
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This issue was addressed in epan/dissectors/packet-btatt.c by validating opcodes...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: schtaprio: fixed possible use-after-free issue. syzbot reported a serious crash 1 in nettxaction, which made no sense until we received a reproduction example. This reproduction example reinstalls the taprio qdisc,...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: refuses to create an EA block when umounted. The EA block expansion needs to access sroot, but sroot is already set to NULL when umount is triggered. This request is refused to avoid panic conditions...
Astra Linux - vulnerability in ntfs-3g
A properly crafted NTFS image can lead to an out-of-bounds access vulnerability, caused by an unsanitized attribute length in ntfs inodelookupbyname, in NTFS-3G 2021.8.22...
Astra Linux - vulnerability in ntfs-3g
A properly crafted NTFS image can cause an integer overflow in the memmove function, resulting in a heap-based buffer overflow in the ntfsattrrecordresize function, as of NTFS-3G version 2021.8.22...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfsattrfind in fs/ntfs/attrib.c...
Astra Linux - vulnerability in linux-5.10
An issue was discovered in the Linux kernel before version 6.0.11. Missing validation of the IEEE80211P2PATTRCHANNELLIST in the drivers/net/wireless/microchip/wilc1000/cfg80211.c file, within the WILC1000 wireless driver, can lead to a heap-based buffer overflow when parsing the operating channel...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: hp-bioscfg: Fixed warnings regarding empty attribute names in kobjects. The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes...
glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escapebytestring function when processing malicious file or remote filesystem attribute values...
Moderate: Red Hat Security Advisory: glib2 security update
An update for glib2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escapebytestring function when processing malicious file or remote filesystem attribute values...
glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2026-6397
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...
Moderate: Red Hat Security Advisory: glib2 security update
An update for glib2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...