81839 matches found
EUVD-2026-31072
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
CVE-2026-47784
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...
CVE-2026-47783
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...
UBUNTU-CVE-2026-47784
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, and VLAN entries when unbinding them. As explained in many places, such as commit b117e1e8a86d “net: dsa: delete dsalegacyfdbadd and dsalegacyfdbdel”, DSA is written under the assumption that higher...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: vxlan: Data race annotations The “used” and “updated” fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to issues like reported in 1. This issue can be reproduced using 2. These issues...
Astra Linux - уязвимость в postgresql-11
Over-reading of buffers in PostgreSQL’s GB18030 encoding validation allows a database input provider to cause temporary denial of service on platforms where a 1-byte over-reading can lead to process termination. This issue affects both the database server and libpq. Versions prior to PostgreSQL...
Astra Linux - уязвимость в redis
Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...
Astra Linux - уязвимость в chromium
Before version 102.0.5005.61, using the "after free" feature in Indexed DB in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux - уязвимость в rails
There is a potential escalation to an RCE vulnerability when using YAML serialized columns in Active Record versions 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1. This could allow an attacker, who can manipulate data in the database through methods like SQL injection, to escalate the attack to an RCE...
Astra Linux - уязвимость в hsqldb1.8.0, hsqldb
A flaw was discovered in the Libreoffice package. An attacker can create an odb file that contains a “database/script” file with a SCRIPT command. The contents of this file can then be written into a new file, whose location is determined by the attacker...
Astra Linux - уязвимость в sqlite3
In SQLite, from version 3.30.1 onwards, alter.c allows attackers to trigger infinite recursion through certain types of self-referential views in conjunction with ALTER TABLE statements...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Maps shared memory as WC, not WB. Linux does not write to the cmd-db region. This memory region is protected from writing by XPU. XPU may sometimes incorrectly detect a clean cache eviction as a “write” to the...
Astra Linux - уязвимость в pgpool2
In Pgpool-II, there is a risk of exposing sensitive information due to incompatible policy issues. If a database user accesses the query cache, unauthorized table data may be retrieved for that user...
Astra Linux - уязвимость в pgpool2
The Pgpool-II provided by PgPool Global Development Group contains a authentication bypass vulnerability as a primary weakness. If this vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, the generation of the list of MDB events to replay competed with the creation of new group memberhips, either through the IGMP/MLD snoopin...
Astra Linux - уязвимость в bluez
A issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free condition can occur when a client disconnects during D-Bus processing of a WriteValue call...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/jfs: Added validation for dbmaxag and dbagpref. Both dbmaxag and dbagpref are used as indexes for the dbagfree array. However, there is currently no validation for these values, which can lead to errors. The following is a...
Astra Linux - уязвимость в exim4
Exim dnsdb Out-of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: nexthop: It is now forbidden to change the FDB status while the nexthop is in a group. The kernel prevents the creation of non-FDB nexthop groups that also have FDB nexthops. Example: ip nexthop add id 1 via 192.0.2.1 fdb ip...