Astra Linux - уязвимость в xorg-server

A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...

ROS-20260520-73-0046

A vulnerability in the ANGLE library of Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow a remote attacker to compromise the confidentiality, integrity and availability of protected information...

CVE-2026-22924

CVE-2026-22924 affects SIMATIC CN 4100 (all versions < V5.0). The vulnerability arises from insufficiently restricted unauthenticated connections, enabling resource exhaustion that can disrupt operations and potentially impact system availability and integrity. Connected references reiterate t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017467 advisory. A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain command...

Unity Linux 20.1060e / 20.1070e Security Update: rpm (UTSA-2026-017547)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017547 advisory. A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017513 advisory. A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017478 advisory. A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, usi...

CVE-2026-25077

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

Astra Linux – Vulnerability in openexr

A flaw was discovered in OpenEXR’s B44Compressor. This flaw allows an attacker who can submit a crafted file to have it processed by OpenEXR, thereby exhausting all memory available to the application. The greatest threat of this vulnerability is to system availability...

Astra Linux – Vulnerability in Ceph

An authentication flaw was discovered in Ceph versions prior to 14.2.20. When the monitor processes CEPHXGETAUTHSESSIONKEY requests, it does not sanitize otherkeys, allowing for key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid that has...

Astra Linux – Vulnerability in openexr

A flaw was discovered in OpenEXR’s multipart input file functionality. A crafted multipart input file containing no actual parts can lead to a NULL pointer dereferencing issue. The greatest threat of this vulnerability is to system availability...

Astra Linux – Vulnerability in xorg-server

A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...

Astra Linux - уязвимость в linux

A flaw was discovered in the Linux kernel. A memory use-after-free vulnerability was identified in the perf subsystem, allowing a local attacker with permission to monitor perf events, thereby corrupting memory and potentially escalating privileges. The most significant threat of this vulnerabili...

CVE-2026-6940

A flaw was found in radare2. A local attacker can exploit a path traversal vulnerability during project deletion by crafting absolute paths. This allows the attacker to delete arbitrary directories outside the intended project storage, leading to a loss of data integrity and system availability...

JLSEC-2026-183

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability...

JLSEC-2026-162

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability...

CVE-2025-40897

The CVE-2025-40897 entry concerns Guardian/CMC Threat Intelligence prior to version 26.0.0, where an access control flaw allows users with view-only privileges to perform administrative actions, potentially altering rules configuration and affecting availability. The vulnerability stems from impr...

PT-2026-32566

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

CVE-2026-39983

A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed CRLF sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple command...

JLSEC-2026-27

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...