19 matches found
Astra Linux - vulnerability in linux, linux-5.10
Rogue backends can cause Denial of Service (DoS) attacks on guests through high-frequency events. This CNA information record relates to multiple Common Vulnerabilities and Exposures (CVEs); the text explains which aspects/vulnerabilities correspond to which CVEs. Xen allows for the execution of PV...
CVE-2026-41496
CVE-2026-41496 affects PraisonAI’s multi‑agent system where 9 conversation backends (MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB) pass table_prefix directly into SQL, enabling unvalidated injection points (52 total). Root cause mirrors CVE-2026-40315 ...
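The pattern the entry above describes (a caller-supplied table_prefix concatenated into SQL without validation) is easy to reproduce and easy to fix. The block below is an added, constructed illustration, not PraisonAI's code and not taken from any of the backends named above: it pairs a deliberately vulnerable `vulnerable_create_table` with a hardened `safe_create_table` that allowlists the prefix as a plain identifier and quotes it before it reaches the DDL string. The function and table names, the sqlite3 in-memory database, and the malicious prefix are all assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed example (not PraisonAI code). A table prefix is an identifier,
# so it cannot be bound as a query parameter; it has to be validated instead.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")

# Hypothetical malicious prefix: it closes the CREATE statement, drops an
# unrelated table, and starts a new statement so the tail still parses.
MALICIOUS_PREFIX = "x (id INTEGER); DROP TABLE secrets; CREATE TABLE y"


def vulnerable_create_table(conn, table_prefix):
    """Vulnerable pattern: prefix interpolated straight into the DDL."""
    conn.executescript(
        f"CREATE TABLE {table_prefix}_sessions "
        "(id INTEGER PRIMARY KEY, data TEXT);"
    )


def safe_table_name(table_prefix, suffix="sessions"):
    """Allowlist the prefix as a bare identifier, then double-quote it."""
    if not IDENT_RE.fullmatch(table_prefix):
        raise ValueError(f"invalid table_prefix: {table_prefix!r}")
    # The allowlist already excludes '"'; doubling it keeps the quoting
    # correct even if the regex is ever loosened.
    name = f"{table_prefix}_{suffix}".replace('"', '""')
    return f'"{name}"'


def safe_create_table(conn, table_prefix):
    """Hardened pattern: only a validated, quoted identifier reaches SQL."""
    conn.execute(
        f"CREATE TABLE {safe_table_name(table_prefix)} "
        "(id INTEGER PRIMARY KEY, data TEXT)"
    )


def demo(create_fn, table_prefix):
    """Run create_fn against a fresh in-memory DB that holds a 'secrets' table.

    Returns (secrets_survived, sorted table names) so the effect of the
    prefix is observable rather than just printed.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE secrets (k TEXT)")
    try:
        create_fn(conn, table_prefix)
    except ValueError:
        pass  # hardened path rejects the prefix; nothing is created
    tables = {
        row[0]
        for row in conn.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'"
        )
    }
    conn.close()
    return "secrets" in tables, sorted(tables)


if __name__ == "__main__":
    print("vulnerable, benign  :", demo(vulnerable_create_table, "agent"))
    print("vulnerable, malicious:", demo(vulnerable_create_table, MALICIOUS_PREFIX))
    print("hardened, benign    :", demo(safe_create_table, "agent"))
    print("hardened, malicious :", demo(safe_create_table, MALICIOUS_PREFIX))
```

With the vulnerable function the malicious prefix drops `secrets` and leaves behind `x` and `y_sessions`; the hardened function raises on the same input and creates nothing, while a benign prefix such as `agent` works identically in both. The same allowlist-then-quote rule applies to every backend that builds table names from a prefix, whatever the SQL dialect, because the identifier never goes through the driver's parameter binding.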
CVE-2026-32299
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...
CVE-2025-13918
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are...
PT-2025-6627 · Rsa · Emc Rsa Authentication Manager
Name of the Vulnerable Software and Affected Versions: RSA Authentication Manager versions prior to 8.7 SP2 Patch 1 Description: The issue allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cann...
DEBIAN-CVE-2023-50246
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue...
DEBIAN-CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an `<input type="file" ...>` element inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
Zyxel ATP security vulnerability
Zyxel ATP is a firewall from Zyxel (合勤, Heqin). A security vulnerability exists in Zyxel ATP versions V4.32 through V5.36 Patch 1, which stems from a buffer overflow that could allow an unauthenticated attacker to cause a denial of service (DoS), or even remotely execu...
SUSE CVE-2023-25563
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...
SUSE CVE-2013-1088
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container...
Symantec Endpoint Protection security vulnerability
Symantec Endpoint Protection (SEP) is a suite of antivirus software from Symantec, USA. The software provides security features across physical and virtual systems. A security vulnerability exists in Symantec Endpoint Protection Windows versions prior to 14.3 RU6/14.3 RU5 Patch 1, which stems from...
PT-2022-5182 · Nginx · Nginx Plus +1
Name of the Vulnerable Software and Affected Versions: NGINX Plus versions prior to R27 P1 and R26 P1 Description: The issue is related to a buffer overflow in the ngx_http_hls_module of NGINX Ingress Controller, which can be exploited to cause a denial of service or potentially other impacts. Th...
RSA Archer security vulnerability
RSA Security RSA Archer is an enterprise IT governance and compliance management product from RSA Security, which includes policy, risk and compliance definition and management. It is capable of aggregating all of an enterprise's assets, as well as some of the monitored information, and organizing...
CVE-2022-23312
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in the affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious...
PT-2022-5708 · Symantec · Symantec Endpoint Protection
Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection Windows versions prior to 14.3 RU6/14.3 RU5 Patch 1 Description: The issue is related to a Security Control Bypass, which can potentially allow a threat actor to circumvent existing security controls. This...
Vulnerability fixed in NetIQ Advanced Authentication
Micro Focus has fixed a vulnerability in NetIQ Advanced Authentication. The vulnerability allows a malicious party to bypass multi-factor authentication. No substantive details about this vulnerability have been made publicly available. Micro Focus has released updates to fix the vulnerability fix i...
CVE-2017-13987
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files...
CVE-2017-13989
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information...
OIC Exponent CMS Information Disclosure Vulnerability (CNVD-2016-11167)
OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from the US company OIC Group. The system supports direct in-page editing, and provides user management, site configuration, content editing and other functions. An information disclosure...