CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5CVSS6.2AI score0.00383EPSS

Astra Linux – Vulnerability in openipmi

OpenIPMI before version 2.0.36 has a buffer overflow vulnerability related to the authentication type in the ipmisim simulator. This vulnerability can lead to denial of service, or with a very low probability authentication bypass or code execution...

9.8CVSS6.2AI score0.0907EPSS

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a use-after-free issue in Kerberos authentication. The introduction of sess-user = NULL was necessary to fix the dangling pointer created by ksmbdfreeuser. However, it is possible that another thread might be...

AstraLinux•added last week•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: MAC comparisons need to be performed in constant time. To prevent timing attacks, MAC comparisons must be done in constant time. Replace the memcmp function with the correct function, cryptomemneq...

7.4CVSS5.6AI score0.00392EPSS

6.5CVSS6.6AI score0.00856EPSS

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of WebAuthentication in Google Chrome prior to version 96.0.4664.45 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: SCTP: The comparison of MACs has been fixed to require constant-time operations. To prevent timing attacks, MACs need to be compared in constant-time. Use the appropriate helper function for this purpose...

5.6AI score0.00171EPSS

7.5CVSS6.8AI score0.01102EPSS

Astra Linux - Vulnerability in Golang-1.19

Large handshake records can cause panics in the crypto/TLS context. Both clients and servers may send large TLS handshake records, which can cause both servers and clients to panic when attempting to construct responses. This issue affects all TLS 1.3 clients, TLS 1.2 clients that explicitly enab...

AstraLinux•added last week•8 views

Astra Linux – Vulnerability in wpa

Implementations of EAP-pwd in hostapd before version 2.10 and wpasupplicant before version 2.10 are vulnerable to side-channel attacks due to cache access patterns. NOTE: This issue exists because of an incomplete fix for CVE-2019-9495...

9.8CVSS7AI score0.01903EPSS

8.8CVSS8.2AI score0.01013EPSS

Astra Linux – Vulnerability in Firefox

One phishing tactic on the internet involves providing a link with HTTP Auth. For example, it might look like “https://[email protected]”. To mitigate this type of attack, Firefox will display a warning dialog box. However, this warning dialog would not be shown if evil.com used a...

AstraLinux•added last week•3 views

Astra Linux – Vulnerability in exim4

Exim version 4.93 has a buffer overflow issue in the SPA authenticator, which could lead to bypassing SPA/NTLM authentication in the files auths/spa.c and auths/auth-spa.c...

7.5CVSS7.6AI score0.04467EPSS

Exploits2References1

9.8CVSS8.3AI score0.02172EPSS

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0, server-side authentication against a SAM file might succeed with invalid credentials if the server had configured an invalid SAM file path. Clients based on FreeRDP are not affected by this issue. However...

AstraLinux•added last week•8 views

Astra Linux – Vulnerability in Rails

The Actionpack Ruby gem versions prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, and 5.2.6 have a possible denial-of-service vulnerability in the Token Authentication logic of the Action Controller, due to overly permissive regular expressions. Affected code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.5AI score0.04808EPSS

Exploits1References2

AstraLinux•added last week•6 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

7.5CVSS6.8AI score0.00197EPSS

9.8CVSS5.6AI score0.00457EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: The comparison of MACs has been fixed to be at constant time. To prevent timing attacks, MACs need to be compared at constant time. Use the appropriate helper functions for this purpose...

AstraLinux•added last week•3 views

Astra Linux – Vulnerability in Tomcat9

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted elsewhere beyond the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not protected by the...

7.5CVSS7.9AI score0.03163EPSS

5.4CVSS6.7AI score0.02386EPSS

Astra Linux – Vulnerability in Linux

In the Bluetooth BR/EDR Core Specification v5.2 and earlier, legacy pairing and secure-connection pairing authentication mechanisms may allow an unauthenticated user to complete the authentication process without using pairing credentials through adjacent access. An unauthenticated, adjacent...

Exploits2References1

9.8CVSS6.8AI score0.01605EPSS

Astra Linux – Vulnerability in etcd

An authentication vulnerability has been discovered in Etcd-io v.3.4.10. This vulnerability allows remote attackers to escalate privileges through the debug function...

8.1CVSS8.2AI score0.43862EPSS

Astra Linux – Vulnerability in Zeromq3

There is a flaw in the zeromq server in versions before 4.3.3, located in src/decoderallocators.hpp. The decoder’s static allocator could have its size changed, but the buffer remains unchanged since it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zero...