81991 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, the generation of the list of MDB events to replay competed with the creation of new group memberhips, either through the IGMP/MLD snoopin...
Astra Linux - уязвимость в hsqldb1.8.0, hsqldb
A flaw was discovered in the Libreoffice package. An attacker can create an odb file that contains a “database/script” file with a SCRIPT command. The contents of this file can then be written into a new file, whose location is determined by the attacker...
Astra Linux - уязвимость в bluez
A issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free condition can occur when a client disconnects during D-Bus processing of a WriteValue call...
Astra Linux - уязвимость в sqlite3
In SQLite, from version 3.30.1 onwards, alter.c allows attackers to trigger infinite recursion through certain types of self-referential views in conjunction with ALTER TABLE statements...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/jfs: Added validation for dbmaxag and dbagpref. Both dbmaxag and dbagpref are used as indexes for the dbagfree array. However, there is currently no validation for these values, which can lead to errors. The following is a...
Astra Linux - уязвимость в rpm
A flaw was discovered in RPM’s hdrblobInit function in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The greatest threat from this vulnerability is to system availability...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB version 10.5.9 allows an application crash in the findfieldintables and findorderinlist functions due to an unused common table expression CTE...
Astra Linux - уязвимость в bluez
The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...
Astra Linux - уязвимость в h2database
The H2 Console before version 2.1.210 allowed remote attackers to execute arbitrary code through a jdbc:h2:mem JDBC URL that contained the IGNOREUNKNOWNSETTINGS=TRUE;FORBID CREATION=FALSE;INIT=RUNSCRIPT substring. This is a different vulnerability than CVE-2021-42392. source-iocs-preserved...
Astra Linux - уязвимость в chromium
The use of “after free” in the Cart component in Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в h2database
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes the class name of the driver and the URL of the database as parameters. An attacker may pass in a JNDI driver name and a URL that points to an LDAP or RMI server, allowing for remote code execution. This vulnerability can be...
Astra Linux - уязвимость в postgresql-11
A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, ther...
Astra Linux - уязвимость в rpm
A flaw was discovered in the RPM package’s read functionality. This flaw allows an attacker to persuade a victim to install a seemingly verifiable package, or to compromise an RPM repository, thereby causing corruption of the RPM database. The most significant threat posed by this vulnerability i...
Astra Linux - уязвимость в samba
In DCE/RPC, it is possible to share handles cookies for resource state between multiple connections through a mechanism called “association groups”. These handles can reference connections to our sam.ldb database. However, while the database is correctly shared, the user credentials are only...
Astra Linux - уязвимость в chromium
The use of “after free” in the Cart component in Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux
The Linux kernel up to version 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database also known as dbx protection mechanism. This issue affects the certs/blacklist.c and certs/systemkeyring.c files...
Astra Linux - уязвимость в gpac
A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...
Astra Linux – Vulnerability in rpm
A flaw was discovered in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can persuade a victim to install a seemingly verifiable package, whose signature header was modified, to cause corruption of the RPM database and execute malicious code. The...
Astra Linux - уязвимость в sqlite3
A flaw was discovered in SQLite’s SELECT query functionality src/select.c. This flaw allows an attacker who is capable of executing SQL queries locally on the SQLite database to cause a denial of service or potentially lead to code execution by triggering a use-after-free. The most significant...
CVE-2026-47784
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...