35247 matches found
Astra Linux - уязвимость в libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the input stream being processed. No users are affected as long as they follow...
Astra Linux - уязвимость в ffmpeg
There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vffloodfill.c. This vulnerability may lead to memory corruption and other potential issues...
Astra Linux - уязвимость в qtbase-opensource-src
In Qt 5.9.x through 5.15.x before 5.15.9, and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context. TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework after the respective DMA operations are completed...
Astra Linux - уязвимость в ffmpeg
A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodecalloccontext3 in options.c...
Astra Linux - уязвимость в ffmpeg5
Buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code and cause a denial of service DoS via the afdialoguenhance.c:261:5 in the destereo component...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/stm: Avoid use-after-free issues with crtc and plane. The function drmstmload calls the functions drmcrtcinitwithplanes, drmuniversalplaneinit, and drmencoderinit. These functions should not be called with parameters...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fixed a UAF in ieee80211scanrx The ieee80211scanrx function attempts to access scanreq-flags after a null check. However, a UAF Use-after-Allocation was observed when the scan is completed and ieee80211scancomplet...
Astra Linux - уязвимость в ruby-rack
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parsed query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters. This allowed attackers to send requests...
Astra Linux - уязвимость в twisted
Twisted is an event-based framework for internet applications. It was introduced with version 0.9.4. At that time, when the host header did not match a configured host using twisted.web.vhost.NameVirtualHost, a “NoResource” resource would be returned. This caused the Host header to be rendered...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: Resources are freed when a device is unregistered. In the current code, the devresreleaseall function is only called if the device has a bus and has been probed. This leads to issues when using devices that lack a...
Astra Linux - уязвимость в golang-github-gin-gonic-gin
This affects all versions of the package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client’s IP address can be spoofed by setting the X-Forwarded-For header...
Astra Linux - уязвимость в ffmpeg5
It was discovered that FFmpeg versions n5.1 to n6.1 contain an Off-by-one Error vulnerability in the libavfilter/avfshowspectrum.c file. This vulnerability allows attackers to cause a Denial of Service DoS attack through crafted inputs...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: The mcbausb driver’s ndochangemtu function needs to be updated to prevent buffer overflows. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only...
Exploit for Download of Code Without Integrity Check in Gin-Gonic Gin
gin-vulnerable Demo consumer pinned to github.c...
Exploit for Incorrect Authorization in Vercel Next.Js
Himalaya Tech Admin Panel — CVE-2025-29927 Demo WARNING:...
Yii 输入验证错误漏洞
Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...
Frappe 路径遍历漏洞
Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.105.0 and 16.15.0 have a path traversal vulnerability. This vulnerability arises from the possibility that path traversal may...
PT-2026-42259
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.105.0 Frappe versions prior to 16.15.0 Description Frappe is a full-stack web application framework. A path traversal issue allows unauthenticated arbitrary file read on internet-facing surfaces, such as ERPNext. Ov...
Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of netty-codec-http
Summary Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain potential HTTP Request Smuggling and Uncontrolled Resource Consumption vulnerabilities. Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network...