6308 matches found
CVE-2026-44073
Netatalk 1.5.0–4.4.2 contains a vulnerability where seteuid() return values were not checked in authentication modules, potentially allowing a remote authenticated attacker to retain elevated privileges under error conditions. The issue is fixed in Netatalk 4.5.0. Impact is described as elevation...
Multiple Node.js Modules compromised in self-spreading npm supply chain attack (mini-Shai-Hulud) (05/11/2026)
The remote host has a version of one or more Node.js modules installed known to be compromised in the self-spreading 'mini-Shai-Hulud' npm supply chain attack reported on 05/11/2026. This wave is tracked separately from the original Shai-Hulud campaign because of distinct compromised maintainers...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
HOV4X
HOV4X HOVAX - 45 Modules Security Toolkit for Penetration Test...
Astra Linux - уязвимость в linux-astra-modules-5.10, linux-astra-modules-5.15, linux-astra-modules-6.1
The vulnerability of Linux Astra Modules relates to the provision of unlimited memory. Exploiting this vulnerability allows a hacker to trigger a service failure using a specially created elf file...
Astra Linux - уязвимость в linux-5.10, linux
Dm-verity is used to extend the root-of-trust to root file systems. LoadPin builds upon this feature to restrict module/firmware loads to only the trusted root file system. Currently, device-mapper table reloads allow users with root privileges to replace the target with an equivalent dm-linear...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: powerpc64/ftrace: fixed the issue of module loading without patchable function entries. getstubssize assumes that there must always be at least one patchable function entry, which is not always the case modules that export dat...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: The registration of structops that uses the module ptr was rejected, and the module btfid is missing. There is a UAF report in bpfstructops when CONFIGMODULES=n. Specifically, the issue relates to tcpcongestionops, which has...
Astra Linux - уязвимость в linux, linux-5.10
An integer overflow or wrap-around vulnerability exists in the OpenEuler kernel on Linux file system modules, allowing for forced integer overflow. This issue affects the OpenEuler kernel, starting from version 4.19.90, up to and including version 4.19.90-2401.3, as well as versions 5.10.0-60.18....
Astra Linux - уязвимость в linux-astra-modules-5.4, linux-astra-modules-5.15, linux-astra-modules-5.10
The vulnerability of the pdplget function in the Linux-astra-modules kernel module is related to the assignment of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в ansible
A flaw was discovered in Ansible Engine, affecting versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, 2.9.x before 2.9.7, as well as Ansible Tower in versions 3.4.5, 3.5.5, and 3.6.3. This issue occurs when using modules that decrypt vault files, such as assemble, script, unarchive, wincopy, awss...
Astra Linux - уязвимость в linux, linux-6.1, linux-5.15, linux-5.10, linux-astra-modules-5.4, linux-astra-modules-6.1, linux-astra-modules-5.10, linux-astra-modules-5.15
The vulnerability of Linux Astra Modules’ kernel modules is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...
Astra Linux - уязвимость в linux-astra-modules-5.10, linux-astra-modules-5.15, linux-astra-modules-6.1
The vulnerability of Linux Astra Modules relates to errors during thread blocking. Exploiting this vulnerability allows an attacker to compromise data integrity and also cause service failures through the use of a specially created file system...
Astra Linux - уязвимость в linux-astra-modules-5.4, linux-astra-modules-5.10
The vulnerability of the parsec inodegetsecid function in the linux-astra-modules kernel module is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause service failures...
Astra Linux - уязвимость в linux-astra-modules-5.10, linux-astra-modules-6.1, linux-astra-modules-5.15
The vulnerability of Linux Astra Modules’ kernel modules is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...
Astra Linux - уязвимость в linux-astra-modules-5.4, linux-astra-modules-5.10
The vulnerability of the parsechooksetxattr function in the Linux kernel-module astra-modules is related to the lack of checking for the returned value. Exploiting this vulnerability allows a perpetrator to cause a service failure...
Astra Linux - уязвимость в apache2
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch, especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...
Astra Linux - уязвимость в golang-1.19
The go command may generate unexpected code during build time when using cgo. This can lead to unexpected behavior when running a Go program that uses cgo. This issue may occur when running a trusted module that contains directories with newline characters in their names. Modules retrieved using...