CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.8CVSS8.2AI score0.02367EPSS

Astra Linux – Vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges escalation on systems where the X server is running with privileged access, and may...

9.8CVSS9AI score0.0229EPSS

Astra Linux – Vulnerability in StrongSwan

StrongSwan before version 5.9.12 has a buffer overflow vulnerability, and there is a possibility of unauthenticated remote code execution through a DH public key value that exceeds the internal buffer of charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur through a...

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Axis

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it might not have been obvious that using “ServiceFactory.getService” could lead to potentially dangerous operations, such as LDAP queries. Passing untrusted input to this API method could expose the application to DoS,...

9.8CVSS8.2AI score0.01931EPSS

AstraLinux•added 6 days ago•7 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream, if the library is used in versions outside the box with...

8.5CVSS7.8AI score0.04494EPSS

Exploits1References1

8.8CVSS7.9AI score0.61785EPSS

Astra Linux – Vulnerability in Apache Log4j1.2

The JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service to which the attacker has access. The attacker can provide a...

Exploits0References1

7.8CVSS7.8AI score0.61427EPSS

Astra Linux – Vulnerability in GIMP

GIMP PSD File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...

8.8CVSS7.9AI score0.00974EPSS

Astra Linux – Vulnerability in WebKit2GTK

A use-after-free vulnerability exists in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before version 2.36.8. This vulnerability allows attackers to execute code remotely...

AstraLinux•added 6 days ago•9 views

Astra Linux – Vulnerability in Erlang

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server might allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in the SSH protocol’s message handling, a malicious...

10CVSS8.5AI score0.97673EPSS

Exploits36References2

AstraLinux•added 6 days ago•2 views

Astra Linux – Vulnerability in WebKit2GTK

A use-after-free vulnerability exists in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before version 2.36.8, allowing attackers to execute code remotely...

8.8CVSS7.9AI score0.00974EPSS

8.8CVSS8.7AI score0.01201EPSS

Astra Linux – Vulnerability in gst-plugins-ugly1.0

GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may...

8.8CVSS8.1AI score0.00402EPSS

Astra Linux – Vulnerability in Chromium

In V8 of Google Chrome, out-of-bounds memory access prior to version 131.0.6778.204 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

AstraLinux•added 6 days ago•10 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may lead to a heap overflow, and potentially remote code execution. This issue affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

8.8CVSS5.8AI score0.02383EPSS

9.8CVSS8.4AI score0.04031EPSS

Astra Linux – Vulnerability in node-getobject

A vulnerability in the “getobject” version 0.1.0 prototype allows an attacker to cause a denial of service and may lead to remote code execution...

Exploits1References1

AstraLinux•added 6 days ago•7 views

Astra Linux – Vulnerability in h2database

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes the class name of the driver and the URL of the database as parameters. An attacker may pass in a JNDI driver name and a URL that points to an LDAP or RMI server, allowing for remote code execution. This vulnerability can be...

10CVSS8.8AI score0.63211EPSS

Exploits3References2

AstraLinux•added 6 days ago•7 views

Astra Linux – Vulnerability in connman

In ConnMan version 1.41, remote attackers who can send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute arbitrary code...

9.8CVSS8.4AI score0.0238EPSS

AstraLinux•added 6 days ago•21 views

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...

10CVSS8.7AI score0.99945EPSS

Exploits46References2