7918 matches found
rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...
PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent
Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...
CVE-2026-52911
A flaw was found in the ksmbd component of the Linux kernel. This vulnerability allows an attacker to gain unauthorized access to session information or resources by exploiting an improper scope in the session binding mechanism. This could potentially compromise the integrity or confidentiality o...
ROS-20260622-73-0017
The vulnerability of the DOM component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protecte...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. The Samba smbd file server must map Windows group identities SIDs to Unix group IDs gids. The code responsible for this mapping contained a flaw that could allow it to read data beyond the end of the array, in the event that a negative cache entry was added to the...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel. A memory use-after-free vulnerability was identified in the perf subsystem, allowing a local attacker with permission to monitor perf events, thereby corrupting memory and potentially escalating privileges. The most significant threat of this vulnerabili...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel in versions prior to 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel. This allows anyone between the two endpoints to read the unencrypted...
Astra Linux – Vulnerability in Linux, Linux 5.10
A race condition was identified in the vtkioctl function within drivers/tty/vt/vtioctl.c in the Linux kernel. This may lead to an out-of-bounds read, as the write access to vcmode is not protected by a lock in vtioctl KDSETMDE. The primary threat of this vulnerability is data confidentiality...
Astra Linux – Vulnerability in libwebp
A flaw was discovered in libwebp in versions prior to 1.0.1. An out-of-bounds read was identified in the ChunkVerifyAndAssign function. The greatest threat posed by this vulnerability is related to data confidentiality and service availability...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick in versions prior to 7.0.11. There is a potential for a cipher leak when calculating signatures using TransformSignature. The greatest threat of this vulnerability is related to data confidentiality...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in several Ansible modules, where parameters containing credentials, such as “secrets,” were logged in plain text on managed nodes, and were also made visible on the controller node when run in verbose mode. These parameters were not protected by the “nolog” feature. An...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...
Astra Linux – Vulnerability in libwebp
A flaw was discovered in libwebp in versions prior to 1.0.1. A heap-based buffer overflow is possible in the function WebPDecodeRGBInto due to an invalid check for buffer size. The greatest threat from this vulnerability is related to data confidentiality and integrity, as well as system...
Astra Linux – Vulnerability in libhibernate3-java
A flaw was discovered in Hibernate-core in versions prior to and including 5.4.23.Final. An SQL injection occurs in the implementation of the JPA Criteria API; this allows unsanitized literals to be used in SQL comments within queries. This flaw could enable attackers to access unauthorized...
Astra Linux – Vulnerability in Ceph
An authentication flaw was discovered in Ceph versions prior to 14.2.20. When the monitor processes CEPHXGETAUTHSESSIONKEY requests, it does not sanitize otherkeys, allowing for key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid that has...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...
Astra Linux – Vulnerability in the 389-DS-base
A flaw was discovered in RHDS 11 and RHDS 12. While browsing entries using LDAP, the system attempts to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where cockpit-389-ds is...
Astra Linux – Vulnerability in PostgresSQL 11
A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, ther...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage, which is potentially vulnerable to attacks via XSS attacks. The most significant threat of this vulnerability is related to data...