70729 matches found
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...
Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes
Modern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is. Surface Command was built to uni...
EUVD-2026-31072
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
Astra Linux - уязвимость в tomcat9
Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions from 11.0.0-M1...
Astra Linux - уязвимость в vim
Vim is vulnerable to Heap-based Buffer Overflow attacks...
Astra Linux - уязвимость в samba
A flaw was identified in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. If Samba’s AD DC did not strictly require a Kerberos PAC and always used the SIDs contained within it, it could become confused about the user represented by a ticket...
Astra Linux - уязвимость в gimp
GIMP JP2 File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux - уязвимость в memcached
In memcached 1.5.16, when UNIX sockets are used, there is a stack-based buffer over-read issue in the conntostr function in memcached.c...
Astra Linux - уязвимость в jose
Latchset JOSE with version 11 allows attackers to cause a denial of service CPU consumption by using a large p2c value also known as PBES2 Count...
Astra Linux - уязвимость в gpac
Stack-based Buffer Overflow in the GitHub repository gpac/gpac before version 2.2.2...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: brcmfmac: cfg80211 – Handle SSID-based PMKSA deletion wpasupplicant 2.11 sends commands for PMKSA flush based on SSID from version 1efdba5fdc2c “Handle PMKSA flush in the driver for SAE/OWE offload cases”. The brcmfmac...
Astra Linux - уязвимость в zabbix
The Zabbix server can execute commands for configured scripts. After the command is executed, an audit entry is added to the “Audit Log”. Since the “clientip” field is not sanitized, it is possible to inject SQL code into the “clientip” field, resulting in time-based blind SQL injection attacks...
Astra Linux - уязвимость в openimageio
There is a heap-based buffer overflow vulnerability in the tile decoding code of the TIFF image parser in OpenImageIO’s master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can lead to out-of-bounds memory corruption, which may result in arbitrary code execution. An attacker can...
Astra Linux - уязвимость в vim
Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a stack-out-of-bounds read in l2capecredconnreq. Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd, which is triggered by a malformed Enhanced Credit Based Connection Request. The...
Astra Linux - уязвимость в libsdl1.2, libsdl2
In SDLGetRGB in the video/SDLpixels.c file, there is a heap-based buffer over-read issue in versions from 1.2.15 up to 2.x, and from 2.0.9 onwards...
Astra Linux - уязвимость в linux, linux-5.10
A issue was discovered in the Linux kernel through version 5.16.11. The mixed IPID assignment method, combined with the hash-based IPID assignment policy, allows an off-path attacker to inject data into a victim’s TCP session or terminate that session...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4851: fix ad4858 channel pointer handling The pointer returned by ad4851parseChannelscommon is incremented internally as each channel is populated. In ad4858ParseChannels, the same pointer was further incremented whil...
Astra Linux - уязвимость в ofono
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux - уязвимость в gst-plugins-base1.0
GStreamer PGS File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Exploiting this vulnerability requires interaction with this library, but the attack vectors...