13321 matches found
Astra Linux - уязвимость в python3.11
It allows arbitrary filesystem writes outside the extraction directory during extraction with the filter="data" parameter. This vulnerability affects users who use the tarfile module to extract untrusted tar archives using methods like TarFile.extractall or TarFile.extract, with the filter=...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A hash collision flaw was discovered in the IPv6 connection lookup table within the Linux kernel’s IPv6 functionality. This flaw occurs when a user carries out a new type of SYN flood attack. A user located within the local network or with a high-bandwidth connection can cause the CPU usage of th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: md: Fixed an issue with warnings for holder mismatch in exportrdev. The commit a1d767191096 “md: Use mddev-external to select holder in exportrdev” fixes the problem where ‘claimrdev’ is used for blkdevgetbydev, while ‘rdev’ i...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, the handshakereqdestroytest1 test started failing: The expected value of handshakereqdestroytest should be req, but the actual value is 0000000000000000. The correct value...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: kernel/resource: Fixed the issue where bootmem memory was freed again after allocation. Since the commit ebff7d8f270d “mem hotunplug: fixed the issue of bootmem memory being freed after allocation”, we could encounter a situation...
Astra Linux - уязвимость в exiv2
In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file may lead to an infinite loop and system hangs, accompanied by high CPU consumption. Remote attackers could exploit this vulnerability to cause a denial of service by using a specially crafted file...
Astra Linux - уязвимость в mbedtls
Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fixed a fout leak in hbm's runbpfprog. Fixed the issue where fout was opened using fopen, but subsequently fclose wasn’t called. In the affected branch, fout otherwise would go out of scope...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Properly marking live registers for indirect jumps For the gotox rX instruction, the rX register should be marked as used in the computeinsnlive regs function. This issue has been fixed...
Astra Linux - уязвимость в tiff
A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net:mctp: Fixed the device reference leak that occurred during probe failures. The driver core holds a reference to the USB interface and its parent USB device while the interface is bound to the driver. There is no need to ho...
CVE-2026-47784
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...
CVE-2026-8627
The CVE-2026-8627 entry affects the WordPress plugin Correct Prices (
Exploit for Command Injection in Litellm
CVE-2026-42271 — LiteLLM Authenticated Command Injection via M...
MAL-2026-4406 Malicious code in @mcpassure/mcp-anvisa-bulario (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...
PT-2026-42202
Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0 Description The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage EKU extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer...
CVE-2026-45232
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...
ROS-20260520-73-0036
A vulnerability in the Dawn component of Google Chrome browser is related to memory usage after release. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the sandbox protection mechanism using a specially crafted HTML page...
ROS-20260520-73-0056
Vulnerability in chromium related to memory usage after its release. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20260520-73-0038
A vulnerability in the WebGPU component of the Google Chrome browser is related to post-release memory usage. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...