16122 matches found
Astra Linux – Vulnerability in gpac
A vulnerability was discovered in GPAC version 2.4. It has been rated as problematic. The affected function is gfdashdownloadinitsegment in the file src/mediatools/dashclient.c. Manipulating the baseiniturl argument leads to a null pointer dereference. This attack can be launched remotely. The...
Astra Linux – Vulnerability in Chromium
Before version 95.0.4638.54, using "use after free" in Dev Tools in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in multipath-tools
In versions of multipath-tools from 0.7.0 to 0.9.x, up to 0.9.2, local users could obtain root access, either alone or in conjunction with CVE-2022-41973. Local users who had access to write to UNIX domain sockets could bypass access controls and manipulate the multipath setup. This could result ...
Astra Linux – Vulnerability in f2fs-tools
There is an exploitable information disclosure vulnerability in the getdnodeofdata functionality of the F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to information disclosure. An attacker can provide a malicious file that triggers this vulnerability...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in multipath-tools
Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...
Astra Linux – Vulnerability in open-vm-tools
A issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass the intended access restrictions on mounting shares through a symlink attack that exploits a realpath race condition in mount.vmhgfs also known as hgfsmounter...
Astra Linux – Vulnerability in opensc
A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTK. The issue arises from the lack of initialization of variables that should be initialized as arguments to other functions, etc...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed errors caused by “off-by-one” values when filling blocks with tlv entries during fast-commit operations. Due to several “off-by-one” errors, or perhaps due to a late change in design that wasn’t fully reflected in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev – The spin lock in struct mcanclassdev is not being initialized. This causes issues with spinlocks, as seen in complaints from the kernel, such as when trying to send CAN frames using cansend from...
Astra Linux – Vulnerability in open-vm-tools
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges, who has access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled, may exploit this vulnerability to escalate...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Settings component of Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to interact with Dev Tools, potentially exploiting heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in rabbitMQ-server
RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution...
Astra Linux – Vulnerability in open-vm-tools
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with local files to trigger insecure file operations within that VM...
Astra Linux – Vulnerability in opensc
A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized...
Astra Linux – Vulnerability in squashfs-tools
In Squashfs-Tools 4.5, the squashfsopendir variable in unsquash-1.c stores the filename within the directory entry. This filename is then used by unsquashfs to create the new file during the unsquash process. The filename is not validated for traversal outside of the destination directory, allowi...
Astra Linux – Vulnerability in open-vm-tools
A malicious actor who has been granted “Guest Operation Privileges” https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html can potentially elevate their privileges if the target virtual machine has been assigned a more privileged “Guest Alias...
CVE-2026-10034
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an...
CVE-2026-55392
NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...
EUVD-2026-37927
NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...