27295 matches found

ATTACKERKB
added 2026/05/20 9:0 a.m. | 3 views

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVSS 7.5 | AI score 5.8 | EPSS 0.00815
Exploits: 0 | References: 20

Debian CVE
added 2026/05/20 9:0 a.m. | 8 views

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVSS 7.5 | AI score 5.7 | EPSS 0.00815
Exploits: 0

RedhatCVE
added 2026/05/20 9:0 a.m. | 7 views

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVSS 7.5 | AI score 5.9 | EPSS 0.00815
Exploits: 0 | References: 3

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: The system now validates the entire DACL before rewriting it using cifsacl. The functions buildsecdesc and idmodetocifsacl derive a pointer to the DACL from a dacloffset provided by the server. They then use the...

CVSS 8.8 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The validation of response sizes in ipcvalidatemsg has been improved. ipcvalidatemsg calculates the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon’s...

CVSS 7.1 | AI score 5.5 | EPSS 0.00125
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix an off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at...

CVSS 7.1 | AI score 5.7 | EPSS 0.00126
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in firefox, thunderbird

An attacker could have sent a message to the parent process, with the contents being used to index into a JavaScript object twice. This would lead to prototype pollution, and ultimately, attacker-controlled JavaScript would execute in the privileged parent process. This vulnerability affects...

CVSS 8.8 | AI score 7.4 | EPSS 0.17103
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Do not log keys during SMB3 signing and encryption key generation. When the KSMBDDEBUGAUTH logging option is enabled, the functions generatesmb3signingkey and generatesmb3encryptionkey log the bytes of the session, signing...

CVSS 8.1 | AI score 5.3 | EPSS 0.00248
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed “ksmbd: validate command payload size”, except for the SMB2OPLOCKBREAKHE command, the request size of other commands is not checked—this is not expected. This issue was...

CVSS 5.5 | AI score 5.7 | EPSS 0.00135
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed an oops during encryption When running xfstests against Azure, the following oops occurred on an arm64 system: Unable to handle kernel writes to read-only memory at virtual address ffff0001221cf000 Mem abort info:...

CVSS 5.5 | AI score 6.1 | EPSS 0.00096
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in ofono

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 7.8 | AI score 7.6 | EPSS 0.0025
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: The split caching of bitfields in cachedfid was introduced to avoid race conditions involving shared-byte registers. The functions isopen, haslease, and onlist are stored in the same bitfield byte within the struc...

CVSS 8.8 | AI score 5.6 | EPSS 0.00218
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: Client: Fixed an error in parsing OOB read responses for symlinks. When a CREATE command results in a STATUSSTOPPEDONSYMLINK status code, the smb2checkmessage function returns a success status without performing any lengt...

CVSS 8.1 | AI score 5.9 | EPSS 0.00378
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net-shapers: Do not free the reply skb after genlmsgreply. genlmsgreply passes the reply skb to netlink, and netlinkunicast consumes it on all return paths, regardless of whether the skb is successfully queued or freed due to an...

CVSS 7.8 | AI score 5.4 | EPSS 0.00119
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-5.15

A use-after-free flaw was discovered in the smb2isstatusiotimeout function in CIFS within the Linux kernel. After CIFS transfers response data via a system call, there are still local variables pointing to the memory region. If the system call frees those pointers faster than CIFS uses them, CIFS...

CVSS 6.5 | AI score 6.7 | EPSS 0.01094
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in protobuf

Dereferencing a null pointer when a null char is present in a prototype symbol. The symbol is parsed incorrectly, resulting in an unchecked call into the name of the prototype file during the generation of the resulting error message. Since the symbol is incorrectly parsed, the file value is...

CVSS 6.5 | AI score 6.6 | EPSS 0.0266
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in protobuf

A parsing vulnerability exists for the MessageSet type in ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1, and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1, and 4.21.5 for protobuf-python. A specially...

CVSS 7.5 | AI score 6.9 | EPSS 0.01151
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.15

An issue was discovered in the Linux kernel before version 6.3.8. In the file fs/smb/server/connection.c of ksmbd, the relationship between the length field of the NetBIOS header and the sizes of the SMB headers is not validated, as handled through the pdudsize function in ksmbdconnhandlerloop. Th...

CVSS 9.1 | AI score 6.7 | EPSS 0.01059
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was detected within the smsdecodeaddressfield function during the SMS PDU decoding process. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, ...

CVSS 8.1 | AI score 7.3 | EPSS 0.01006
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodestatusreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS...

CVSS 8.1 | AI score 7.3 | EPSS 0.00947
Exploits: 1 | References: 2