CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS6.1AI score0.51242EPSS

Astra Linux - уязвимость в redis

Redis is an in-memory database that persists data on disk.Authenticated users can issue HRANDFIELD or ZRANDMEMBER commands with specially crafted arguments to trigger a denial-of-service attack, causing Redis to crash due to an assertion failure. This vulnerability affects Redis versions 6.2 or...

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в openssl

In addition to the crehash shell command injection identified in CVE-2022-1292, further instances where the crehash script fails to properly sanitize shell metacharacters to prevent command injection were discovered during code reviews. When CVE-2022-1292 was fixed, it wasn’t recognized that ther...

10CVSS7.3AI score0.20216EPSS

Exploits6References2

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в ruby-nokogiri

A command injection vulnerability exists in Nokogiri v1.10.3 and earlier. This vulnerability allows commands to be executed in a subprocess via Ruby’s Kernel.open method. Processes become vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is called with unsafe user input ...

9.8CVSS7.2AI score0.09316EPSS

Exploits0References1

5.5CVSS6.3AI score0.00099EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed a memory leak in hciupdateadvdata. When hcicmdsyncqueue fails in hciupdateadvdata, the instptr is not freed, which can lead to a memory leak. To address this issue, ERRPTR/PTRERR was used instead of...

8.6CVSS7.1AI score0.00329EPSS

Astra Linux - уязвимость в less

The value “less through 653” allows for OS command execution via a newline character in the file name, due to improper handling of quotes in the filename.c file. Exploitation typically requires the use of file names controlled by the attacker, such as those extracted from untrusted archives...

7.1CVSS5.2AI score0.00014EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ice: Fixed locking issues related to the flushing of Tx timestamp tracking. The commit 4dd0d5c33c3e “ice: added locking around the Tx timestamp tracker flushing” added a lock around the Tx timestamp tracker process, which is...

8.8CVSS7.3AI score0.00618EPSS

Astra Linux - уязвимость в thunderbird

During the plaintext phase of the STARTTLS connection setup, protocol commands could be injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

Exploits1References1

5.5CVSS6.5AI score0.00007EPSS

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fix command flush on cable pull The system crashed due to a command failing to be flushed back to the SCSI layer. Bug: Unable to handle a NULL pointer dereferencing in the kernel at address 0000000000000000. PGD...

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в virglrenderer

A out-of-bounds read in the vrendblitneedswizzle function in vrendrenderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGLCCMDBLIT commands...

7.1CVSS6.5AI score0.00105EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: irtoy: fix a memleak in irtoytx. When irtoycommand fails, the buffer should be freed, as it is allocated by irtoytx; otherwise, there may be a memleak...

5.5CVSS6.1AI score0.00012EPSS

6.3CVSS6.8AI score0.01322EPSS

Astra Linux - уязвимость в libreoffice

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint servers. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice, links using this scheme could be used to invoke internal macr...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in acioctl This vulnerability was discovered by Atuin – an automated vulnerability discovery engine. In acioctl, the validation of IndexCard and the check for a valid RamIO pointer are...

5.2AI score0.00049EPSS

4.3CVSS5.8AI score0.00035EPSS

Astra Linux - уязвимость в chromium

Inappropriate implementation in the installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control through a crafted command. Chromium security severity: Low...

8CVSS6.9AI score0.00801EPSS

Astra Linux - уязвимость в python3.7, python2.7

In Python aka CPython, up to version 3.10.8, the mailcap module does not add escape characters to commands found in the system’s mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if those commands lack validation of...

Exploits1References2

7.8CVSS6.5AI score0.00017EPSS

Astra Linux - уязвимость в linux-5.10, linux

A use-after-free flaw was discovered in the Linux kernel before version 5.19.2. This issue occurs in the cmdhdlfilter function in the drivers/staging/rtl8712/rtl8712cmd.c file, allowing an attacker to launch a local denial-of-service attack and gain elevated privileges...