26 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15

The qfq_change_class function in net/sched/sch_qfq.c in the Linux kernel before version 6.2.13 allows an out-of-bounds write, as lmax can exceed QFQ_MIN_LMAX...

CVSS 7.8 · AI score 6.7 · EPSS 0.00031
Exploits: 0 · References: 2
Positive Technologies
added 2026/02/06 12:0 a.m. · 3 views

PT-2026-6812

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions prior to 6.2.7 Description: Wing FTP Server versions prior to 6.2.7 have a cross-site request forgery (CSRF) issue in the web administration interface. This allows attackers to delete administrative users by crafting a...

CVSS 5.1 · AI score 5.2 · EPSS 0.0001
Exploits: 1 · References: 6
RedhatCVE
added 2025/05/23 2:50 a.m. · 2 views

CVE-2023-32547

Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 · AI score 7.1 · EPSS 0.00052
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/12 12:0 a.m. · 3 views

PT-2024-18587 · Unknown · Te Informatics V5

Name of the Vulnerable Software and Affected Versions: TE Informatics V5 versions before 6.2 Description: The issue is related to Improper Neutralization of Script-Related HTML Tags in a Web Page, which allows Reflected XSS. This can be exploited to execute malicious scripts on the victim's...

CVSS 8.8 · AI score 7.3 · EPSS 0.00166
Exploits: 0 · References: 7
Positive Technologies
added 2024/02/28 12:0 a.m. · 3 views

PT-2024-21202 · Skymoonlabs · Skymoonlabs Moveto

Name of the Vulnerable Software and Affected Versions: Skymoonlabs MoveTo versions prior to 6.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for potential exploitation by injecting malicious SQ...

CVSS 9.8 · AI score 9.6 · EPSS 0.00292
Exploits: 0 · References: 6
CNNVD
added 2023/12/30 12:0 a.m. · 2 views

DedeBIZ Code Issue Vulnerability

DedeBIZ is a content management system from the Chinese company Muyun Intelligent Technology DedeBIZ. A code issue vulnerability exists in Muyun DedeBIZ versions prior to 6.2.12, which stems from the component Add Attachment Handler that causes unrestricted uploads...

CVSS 7.2 · AI score 7 · EPSS 0.00085
Exploits: 1 · References: 4
CNNVD
added 2023/10/14 12:0 a.m. · 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 6.2.5, which stems from a problem with the card reader driver, where objects may go beyond the end of their...

CVSS 5.5 · AI score 6.5 · EPSS 0.00024
Exploits: 0 · References: 8
OSV
added 2023/07/15 11:15 p.m. · 0 views

DEBIAN-CVE-2021-31294

Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...

CVSS 5.9 · AI score 6.6 · EPSS 0.00229
Exploits: 1 · References: 1
CNNVD
added 2023/06/30 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in versions of Linux kernel prior to 6.2, which stems from improper locking and can be exploited by a local attacker to perform a denia...

CVSS 5.5 · AI score 6.1 · EPSS 0.00013
Exploits: 0 · References: 7
OSV
added 2023/04/28 2:15 a.m. · 0 views

UBUNTU-CVE-2023-31436

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX...

CVSS 7.8 · AI score 6.7 · EPSS 0.00031
Exploits: 0 · References: 21
OSV
added 2023/03/23 8:15 p.m. · 2 views

AZL-25807 CVE-2023-1544 affecting package qemu for versions less than 6.2.0-23

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...

CVSS 6.3 · AI score 6.6 · EPSS 0.00052
Exploits: 0 · References: 1
OSV
added 2023/03/20 8:15 p.m. · 4 views

AZL-25674 CVE-2023-28425 affecting package redis for versions less than 6.2.12-1

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

CVSS 5.5 · AI score 6.2 · EPSS 0.45293
Exploits: 0 · References: 1
SUSE CVE
added 2023/02/15 4:51 a.m. · 2 views

SUSE CVE-2017-3604

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

CVSS 7 · AI score 8 · EPSS 0.00865
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:14 a.m. · 1 views

SUSE CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

CVSS 4 · AI score 6.8 · EPSS 0.03098
Exploits: 0 · References: 8
Positive Technologies
added 2022/11/14 12:0 a.m. · 6 views

PT-2022-6640 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2 Description: The issue is related to the ntfs3 subsystem in the Linux kernel, which does not properly check for correctness during disk reads. This leads to an out-of-bounds read in the ntfs_set_ea function ...

CVSS 10 · AI score 6.8 · EPSS 0.92504
Exploits: 74 · References: 400
OSV
added 2022/07/11 2:15 a.m. · 3 views

AZL-35161 CVE-2022-35414 affecting package qemu for versions less than 6.2.0-18

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use ca...

CVSS 8.8 · AI score 7.2 · EPSS 0.00297
Exploits: 1 · References: 1
OSV
added 2022/05/14 12:1 a.m. · 0 views

GHSA-JJF5-WX3J-3FV7 Prototype Pollution in convict

This affects the package convict before 6.2.3. This is a bypass of CVE-2022-22143. The fix introduced relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with __proto__ or this.constructor.prototype. To bypass this check it's...

CVSS 9.8 · AI score 7.2 · EPSS 0.00668
Exploits: 1 · References: 7
Microsoft CVE
added 2021/06/08 7:0 a.m. · 2 views

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.

...

CVSS 6.5 · AI score 7 · EPSS 0.00242
Exploits: 0
OSV
added 2021/03/12 7:15 a.m. · 2 views

CVE-2021-27646

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 3
OSV
added 2020/04/01 4:36 p.m. · 0 views

GHSA-HJ69-C76V-86WR Out-of-bounds Read in Pillow

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...

CVSS 8.3 · AI score 7 · EPSS 0.00571
Exploits: 0 · References: 11