125868 matches found
Astra Linux - Vulnerability in wireshark
The TLS protocol dissector heap overflow in Wireshark versions 4.6.0 to 4.6.4 allows for denial of service attacks, and may lead to code execution...
Astra Linux - Vulnerability in wireshark
The SDP protocol dissector in Wireshark versions 4.6.0 to 4.6.4 allows for a denial of service attack...
Astra Linux - Vulnerability in wireshark
RTSP protocol dissector crashes in Wireshark versions 4.6.0 to 4.6.4...
Astra Linux - Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, the function freerdp_bitmap_decompress_planar did not validate the parameters nSrcWidth/nSrcHeight against the values of planar->maxWidth/maxHeight before performing the RLE decompression. A malicious server cou...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: udp: When a connected socket is disconnected, the 4-tuple hash table’s auto-bound connected state is not properly hashed. Suppose we bind a UDP socket to a wildcard address with a non-zero port, connect the socket to a specific...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, asynchronous bulk transfer operations could cause a freed channel callback to be used after the URBDRC channel was closed, resulting in a use-after-free situation in the urb_write_completion function. This...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: thead: Fixed buffer overflows and used standard endian macros. Two issues have been addressed in the TH1520 AON firmware protocol driver: 1. Fixed a potential buffer overflow issue where code used unsafe pointer...
Astra Linux - Vulnerability in ntp
In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, ntpd allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address. This occurs because transmissions are rescheduled even when a packet lacks a valid origin timestamp...
Astra Linux - Vulnerability in ntp
In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, remote attackers could exploit this vulnerability to cause a denial of service—resulting in the daemon exiting or the system time being changed. This was possible by predicting the transmit timestamps used in forged packets. The victim w...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: The issue related to “slab-use-after-free” in __inet_lookup_established has been fixed. The lookups in the ehash table are performed without locking, and they rely on SLAB_TYPESAFE_BY_RCU to ensure the stability of socket memory...
Astra Linux - Vulnerability in linux-5.10, linux, linux-5.15
A null pointer dereference flaw was discovered in the Linux kernel’s DECnet networking protocol. This issue could allow a remote user to crash the system...
Astra Linux - Vulnerability in git
In connect.c, the git_connect_git function in Git before version 2.30.1 allows a repository path to contain a newline character. This may lead to unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
Astra Linux - Vulnerability in wireshark
The GVCP dissector crash in Wireshark versions 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service through packet injection or malicious capture files...
Astra Linux - Vulnerability in samba
A vulnerability related to information leaks was discovered in Samba’s LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed an issue where share_conf was freed after use, in compound requests. smb2_get_ksmbd_tcon reuses work->tcon in compound requests without validating tcon->t_state. ksmbd_tree_conn_lookup checks that t_state is TREE_CONNECTED...
Astra Linux - Vulnerability in redis
Redis is an open-source, in-memory database that persists data on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability has been fixed in versions 8.0.3, 7.4.5, 7.2.10, and 6.2.19...
Astra Linux - Vulnerability in thrift
In Apache Thrift versions 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when receiving invalid input data...
Malicious code in bucket-protocol-sdk-v2 (npm)
Source: amazon-inspector e19ff8a6cb5a08bd0561658d41dfe3616f1680bc5acac989c97da38f37ee41b4 bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tr...
JLSEC-2026-513
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...
SUSE CVE-2026-8950
Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...