Linux Distros Unpatched Vulnerability : CVE-2026-12151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of...

Linux Distros Unpatched Vulnerability : CVE-2026-6733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an...

CVE-2026-48773

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVE-2026-48772 ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

Astra Linux – Vulnerability in rsync

A vulnerability was discovered in rsync prior to version 3.2.5. This vulnerability allows malicious remote servers to write arbitrary files into the directories of connecting peers. The server determines which files/directories are sent to the client. However, the rsync client lacks sufficient...

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash...

Astra Linux – Vulnerability in Tomcat9

Improper input validation vulnerability. This issue affects Apache Tomcat: versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.49, and 9.0.0-M1 through 9.0.112. The following versions were at the end of their support lifecycles at the time the CVE was created, but are still affected: 8.5.0...

Astra Linux – Vulnerability in libvirt

A “off-by-one” error flaw was discovered in the udevListInterfacesByStatus function in libvirt, where the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fixed the issue where the RPC client cleaned up the freed pipefs directories. The cleanup of the RPC client’s pipefs directories is handled in the rpcremovepipedir function, which processes the workqueue. This function...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed out-of-bounds read vulnerabilities. The smtpsetupmsg function may disclose sensitive information from the process memory to an unauthenticated SMTP client...

Astra Linux – Vulnerability in Qemu

A flaw was discovered in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can result in the callback being fired later, thereby causing a use-after-free when using the channel. This vulnerability can be exploited by a malicious...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: Initialize ssifinfo-client early. During the probe process, ssifinfo-client is dereferenced in a faulty path. However, it is set after some error checking has already been performed. This causes a kernel crash if an...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing relied on cbData/remaining length, and never validated against the minimum size implied by cx/cy. A malicious server could trigger a client-side global buffer overflow, resulting in a crash...

Astra Linux – Vulnerability in libvncserver

A divide by zero issue was detected in libvncserver-0.9.12. A malicious client could exploit this flaw to send a specially crafted message. When this message is processed by the VNC server, it will cause a floating-point exception, resulting in a denial of service...

Astra Linux - Vulnerability in Golang-1.19

Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/TLS clients, as well as servers that have Config.ClientAuth set to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fixed kernel panic during warm reset. During warm reset, device-fwclient is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerated by ISHTP, a kernel...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: fixed the legacy client tracking initialization. Remove the nfsd4legacytrackingops-init call from checkforlegacymethods. This issue will be handled by the caller nfsd4clienttrackinginit. Otherwise, we will end up calling...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nfsd: returns -EINVAL when namelen is 0 When we have a corrupted main.sqlite file in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that ha...

Astra Linux - Vulnerability in Golang-1.19

A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...