
12664 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in grub2

Out-of-bounds write when handling split HTTP headers: When dealing with split HTTP headers, GRUB2’s HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write during the parsing of the HTTP request, resulting in writing a NULL byte beyond...

CVSS 8.1 | AI score 7.7 | EPSS 0.01131
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Python-Django

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of the Accept-Language header are cached in order to avoid repeated parsing. This can lead to a potential denial-of-service vulnerability due to excessive memory usage if the raw value of the Accept-Language...

CVSS 7.5 | AI score 6.4 | EPSS 0.47102
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux - Vulnerability in Golang-1.23

The HTTP client discards sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header, which is redirected to b.com/, will not send that header to b.com. However, if the client receives a subsequent same-domain redirect, the...

CVSS 6.1 | AI score 6.7 | EPSS 0.00647
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling (HRS) vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...

CVSS 7.5 | AI score 7.1 | EPSS 0.02996
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux - Vulnerability in Golang-1.19

When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as “Authorization” or “Cookie”. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but ...

CVSS 4.3 | AI score 6.3 | EPSS 0.0108
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Firefox

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these...

CVSS 9.8 | AI score 6.9 | EPSS 0.00382
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Zabbix

The HttpRequest object allows you to retrieve the HTTP headers from the server’s response after sending a request. The issue is that the returned strings are created directly from the data sent by the server and are not properly encoded for JavaScript. This enables the creation of internal string...

CVSS 9.1 | AI score 7.7 | EPSS 0.00952
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Python 3.11, Python 3.7

The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. The new behavior will reject incorrectly folde...

CVSS 6 | AI score 7.1 | EPSS 0.0056
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...

CVSS 7.5 | AI score 6.1 | EPSS 0.01996
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, as well as 10.0.0 and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e., q) parameters, the server may enter a Denial-of-Service (DoS) state due to high CPU usage in processing...

CVSS 5.3 | AI score 6.5 | EPSS 0.7795
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 9 views

Astra Linux – Vulnerability in Tomcat9

There is an input validation vulnerability in Apache Tomcat. Versions of Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81, and from 8.5.0 through 8.5.93 did not properly parse HTTP trailer headers. A specially crafted, invalid trailer header...

CVSS 5.3 | AI score 6.7 | EPSS 0.05848
Exploits: 2 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

Guests can trigger the reset/abort/crash of the NIC interface through netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux-based network backend by sending certain types of packets. It seems to be an unstated assumption in the rest of the Linux network stack...

CVSS 6.5 | AI score 6.5 | EPSS 0.00463
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in tar

In the sparse.c file of GNU Tar, before version 1.32, there was a NULL pointer dereferencing issue when parsing certain archives that contained malformed extended headers...

CVSS 7.5 | AI score 6.6 | EPSS 0.03028
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: kheaders: Use an array declaration instead of a char. Under CONFIG_FORTIFY_SOURCE, memcpy will check the size of the destination and source buffers. Defining kernel_headers_data as “char” would trigger this check. Since these address...

AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec – Fix for memory leak in the elf header buffer. This issue was reported by the kmemleak detector: Unreferenced object: 0xff2000000403d000 size 4096 Command: “kexec”, PID: 146, Jiffies: 4294900633 age: 64.792 seconds...

AI score 5.9 | EPSS 0.00198
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fixed the memory leak in the elf header buffer. This issue was reported by the kmemleak detector: Unreferenced object 0xffffc900002a9000 size 4096: comm “kexec”, pid 14950, jiffies 4295110793 age 373.951s Hex dump firs...

CVSS 5.5 | AI score 6.4 | EPSS 0.00264
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: Do not assume adequate headroom for SDIO headers. The function mt7921_usb_sdio_tx_prepare_skb calls mt7921_usb_sdio_write_txwi and mt7921_skb_add_usb_sdio_hdr. Both functions blindly assume that adequate headroom will be available...

AI score 5.1 | EPSS 0.00166
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in python-httplib2

In httplib2 before version 0.18.0, an attacker who controlled unescaped parts of the URI for httplib2.Http.request could alter request headers and the request body, and send additional hidden requests to the same server. This vulnerability affects software that uses httplib2 with URIs constructed...

CVSS 6.8 | AI score 6.4 | EPSS 0.02593
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 12 views

Astra Linux – Vulnerability in Tomcat9

When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...

CVSS 7.5 | AI score 6.8 | EPSS 0.18114
Exploits: 1 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Twisted

Twisted is an event-driven networking engine written in Python. In affected versions, Twisted exposes cookies and authorization headers when performing cross-origin redirects. This issue is present in the twisted.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent functions. Users are advis...

CVSS 7.5 | AI score 7.2 | EPSS 0.01381
Exploits: 0 | References: 2