Lucene search
K

16929 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in glibc

A out-of-bounds write vulnerability was discovered in glibc before version 2.31, when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution...

7CVSS7AI score0.00537EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in librabbitmq

A vulnerability was discovered in the C AMQP client library also known as rabbitmq-c for RabbitMQ in versions up to 0.13.0. credentials can only be entered via the command line e.g., for amqp-publish or amqp-consume, and therefore they are visible to local attackers who can list processes along...

5.5CVSS5.5AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: libceph: fixed invalid accesses to cephconnectionv1info. There is a place where generic code in messenger.c reads from certain fields, and another place where it writes to members of the con-v1 union without checking that those...

7.8CVSS6.5AI score0.00144EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in glibc

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc from version 2.34 onwards copies the path argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the applicati...

9.8CVSS7.1AI score0.04729EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in glibc

The iconv function in the GNU C Library also known as glibc or libc6 versions 2.32 and earlier, when processing invalid multi-byte input sequences in encodings such as IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399, fails to advance the input state properly. This can lead to an infinite loop in...

5.5CVSS6.3AI score0.00887EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mlxsw: spectrumaclerp: Fixed object nesting warnings ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but t...

5.5CVSS6.3AI score0.00218EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin Assignments A poorly implemented DisplayPort Alt Mode port partner may indicate that its pin assignment capabilities exceed the maximum value, DPPINASSIGNF. In this case,...

5.5CVSS6.2AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in glibc

A flaw has been identified in glibc. In a rare situation, the gaihinet function may use memory that has already been freed, leading to an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

5.9CVSS6.6AI score0.01655EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in glibc

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...

9.8CVSS7AI score0.04211EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in glibc

NSCD: The NetGroup Cache may terminate the daemon due to a memory allocation failure. The NetGroup Cache Daemon’s NSCD netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process due to a memory allocation failure, resulting in a denial of service for clients. This flaw...

7.3CVSS6.7AI score0.01075EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in binutils

“findabstractinstance” in dwarf2.c, located in the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash through a crafted ELF file...

6.5CVSS6.8AI score0.02752EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:10 a.m.15 views

Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51088

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. A Use-After-Free issue exists when using the Oj::Parser in SAJ mode. The parser fails to protect cached object keys of 35 bytes or more from garbage...

8.7CVSS5.7AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51083

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Doc iterators each value, each child, each leaf are subject to a heap use-after-free. This occurs when a Ruby block yielded during iteration calls doc.close or d.close, causing the document's heap...

8.7CVSS5.7AI score0.00117EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/16 10:6 a.m.59 views

binary-exploitation-labs

Binary Exploitation & Reverse Engineering Labs Hands-on labs...

5.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.9 views

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 8:9 p.m.6 views

GHSA-63HW-FMQ6-XXG2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:22 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by command injection.

Summary glob-10.4.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64756. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command...

7.5CVSS6.5AI score0.03092EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.29 views

CVE-2025-55641

A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49591

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the C parser of the asynchronous HTTP client/server framework where the max line size check can be bypassed in parts of an HTTP request. When using the optimized C parser, which i...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References20
Rows per page
Query Builder