41369 matches found
PT-2026-36914
Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the firewall.cgi binary across five request handlers due to insufficient input validation. Attackers can inject arbitrary shell commands...
PT-2026-37149
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Authenticated users can cause a denial of service by uploading large amounts of data, which may exhaust the disk space of the Incus server and potentially crash the host system. This occurs because...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: - BPF: The rcureadlockTraceheld function in bpfmaplookuppercpuelem needs to be checked. The bpfmaplookuppercpuelem helper function is also available for sleepable BPF programs. When BPF JIT is disabled or on a 32-bit host,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several issues with the way the hyp code lazily saves the host’s FPSIMD/SVE state. These include: The host SVE state is unexpectedly discarded due to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in the struct vhosttask. The vhosttaskcreate function creates a task and maintains a reference to its taskstruct. This task may exit early due to a signal, and its taskstruct will be released. ...
Astra Linux – Vulnerability in Qemu
An integer overflow issue was identified in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. This issue can occur if a guest provides invalid values for the rx/tx queue size or other NIC parameters. A privileged guest user may exploit this flaw to crash the QEMU process on the host,...
Astra Linux – Vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak applications that had direct access to AFUNIX sockets—such as those used by Wayland, Pipewire, or pipewire-pulse—could trick portals and other host-...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fixed the refcount leak in ohcihcdnxpprobe. ofparsephandle returns a node pointer with a refcount incremented; we should use ofnodeput on it when it is no longer needed. Add ofnodeput to avoid the refcount leak...
Astra Linux – Vulnerability in docker.io-app
BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could exploit a feature that removes empty files created for the mountpoints, causing the file to be removed from...
Astra Linux – Vulnerability in Zabbix
A authenticated user can create a hosts group using the configuration with XSS payload, which will be available to other users. When XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in the solariszone module from the Ansible Community modules. When setting the name of a zone on the Solaris host, the zone name is checked by listing the process using the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a fake zone name a...
Astra Linux – Vulnerability in exim4
Exim before version 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Avoid NULL ptr deref in vchiqdumpplatforminstances vchiqgetstate can return a NULL pointer. So handle this cases and avoid a NULL pointer derefence in vchiqdumpplatforminstances...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: A UAF use-after-free occurred during login when accessing the host’s IP address. If the iscsitcpr2tpoolalloc function fails during iscsiswtcpsessioncreate, the user space may access the host’s IP address. If the...
Astra Linux – Vulnerability in avahi
A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahialternativehostname function...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm: Pause TCM when the firmware is stopped Not doing so will cause us to send a host command to the transport while the firmware is inactive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 ...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xHCI: Corruption of the command ring pointer occurred during command aborts. The command ring pointer is located at bits 6:63 of the command ring control register CRCR. All control bits, such as those related to command stopping...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: usb: host: xhci: Fixed a potential memory leak in xhciallocstreaminfo The xhciallocstreaminfo function allocates a stream context array for streaminfo-streamctxarray using xhciallocstreamctx. When an error occurs, the...
Astra Linux – Vulnerability in edk2
EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when processing the DNS Server option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...
Astra Linux – Vulnerability in HAPProxy
A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...