Lucene search
K
AstralinuxRecent

18102 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A flaw was discovered in the Linux kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While this will usually be correct, since tuntap devices require CAPNETADMIN, it may not always be the case. For example, a non-root user...

5.5CVSS6.6AI score0.00257EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

The use of Site Isolation in Google Chrome before version 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00342EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in LibreOffice

In the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures may allow invalid signatures to be accepted as valid. This issue affects LibreOffice versions starting from 24.8 before 24.8.6, and from 25.2 before 25.2.2...

5.5CVSS6.4AI score0.00096EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in zvbi

A vulnerability classified as critical has been discovered in libzvbi up to version 0.2.43. This vulnerability affects the vbicapturesimloadcaption function in the src/io-sim.c file. The vulnerability leads to an integer overflow. The attack can be initiated remotely. The exploit has been made...

7.5CVSS6.9AI score0.00603EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Chromium

In Skia within Google Chrome, out-of-bounds memory access was allowed before version 128.0.6613.84. This allowed a remote attacker who had compromised the renderer process to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00635EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fixed the runningreq for internal abort commands Disabling the remote PHY for a SATA disk causes a hang: bash root@none$ more /sys/class/sasPhy/phy-0:0:8/targetPortProtocols sata root@none$ echo 0...

5.6AI score0.00203EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy. The syzbot reported a crash in tcactinHW during the netns teardown process. In this case, tcfidrinfodestroy passed a value of ERRPTR-EBUSY as a pointer to...

5.5CVSS5.7AI score0.00103EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: gpiolib: fixed a race condition related to gdev-srcu If two drivers call gpiochipadddatawithkey, one might traverse the srcu-protected list in gpionametodesc, while the other just adds its gdev in gpiodevaddtolist unlocked. Th...

4.7CVSS6AI score0.00087EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: jbd2: Added a miss release buffer head in fcdoonepass. In fcdoonepass, a miss release buffer head is added after use, which can lead to a reference count leak...

6AI score0.00201EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fixed the refcount leak in wusb3801probe I encountered the following report during the fault injection test: OF: ERROR: memory leak; the expected refcount was 4 instead of 1. ofnodeget/ofnodeput is unbalance...

5.6AI score0.00222EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: avoiding reference leaks in nfsdopenlocalfh If two calls to nfsdopenlocalfh race against each other and both successfully call nfsdfileacquirelocal, they will both receive an additional reference to the network, which will ...

4.7CVSS5.7AI score0.00103EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in pillow

Pillow through 10.1.0 allows for arbitrary code execution via the environment parameter. This is a different vulnerability than CVE-2022-22817 which involved the expression parameter...

8.1CVSS7.5AI score0.01703EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A flaw was discovered in the Linux kernel. A NULL pointer dereference may occur when the slip driver is in progress to detach at sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information...

7.1CVSS6.5AI score0.00275EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in bind9

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...

7.5CVSS7.5AI score0.02299EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Linux 5.10

A vulnerability was discovered in the kvms390guestsidaop function within the arch/s390/kvm/kvm-s390.c file in KVM for s390 in the Linux kernel. This flaw allows a local attacker with normal user privileges to gain unauthorized memory write access. This vulnerability affects Linux kernel versions...

7.8CVSS6.7AI score0.00335EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in glibc

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...

9.8CVSS7AI score0.04211EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Python-Django, Python 2.7

Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parseqsl” and “urllib.parse.parseqs”. This vulnerability occurs du...

5.9CVSS6.8AI score0.35963EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Puma

Puma is a Ruby/Rack web server designed for parallelism. Prior to version 5.6.2 of Puma, Puma might not always call close on the response body. Before version 7.0.2.2 of Rails, Rails relied on the response body being closed in order for its CurrentAttributes implementation to work correctly. The...

8CVSS6.3AI score0.02124EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Puma

Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using “puma” with a proxy that forwards HTTP header values containing the LF character could lead to HTTP request smuggling. A client could secretly send a request through a proxy, causing the proxy to send ...

3.7CVSS6.5AI score0.01119EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Poppler

In Poppler 0.74.0, the PDFDoc::markObject method in PDFDoc.cc mishandles dict marking, resulting in stack consumption in the Dict::find function located in Dict.cc. This issue can be triggered by passing a malicious PDF file to the pdfunite binary...

6.5CVSS6.7AI score0.02251EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in cifs-utils

cifs-utils from version 6.14 onwards, with verbose logging, can cause an information leak when a file contains equal sign characters but is not a valid credentials file...

5.3CVSS6.4AI score0.01804EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in cifs-utils

In cifs-utils up to version 6.14, a stack-based buffer overflow occurs when parsing the mount.cifs ip= command-line argument. This vulnerability could allow local attackers to gain root privileges...

7.8CVSS7.6AI score0.00562EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in pillow

In Pillow’s PIL.ImageMath.eval before version 9.0.0, it was possible to evaluate arbitrary expressions, including those that used the Python exec method. A lambda expression could also be used...

9.8CVSS6.8AI score0.03399EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A stack overflow flaw was discovered in the Linux kernel’s TIPC protocol functionality. This flaw occurs when a user sends a packet containing malicious content, where the number of domain member nodes exceeds the allowed limit of 64. This flaw allows a remote user to crash the system or...

9CVSS6.8AI score0.67994EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in uriparser

A issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax...

5.5CVSS5.7AI score0.01095EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

preallocelemsandfreelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write...

7.8CVSS6.5AI score0.0038EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A memory leak flaw was discovered in the Linux kernel within the ccprunaesgcmcmd function in drivers/crypto/ccp/ccp-ops.c. This flaw allows attackers to cause a denial of service attack due to excessive memory consumption. This vulnerability is similar to the older CVE-2019-18808...

5.5CVSS6.7AI score0.00533EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in SQLite3

In SQLite 3.31.1, there is an out-of-bounds access issue involving the ALTER TABLE operation for views that contain nested FROM clauses...

9.8CVSS7.1AI score0.01067EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Python 2.7, Pypy

In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...

7.5CVSS7.1AI score0.06304EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in squashfs-tools

In Squashfs-Tools 4.5, the squashfsopendir variable in unsquash-1.c stores the filename within the directory entry. This filename is then used by unsquashfs to create the new file during the unsquash process. The filename is not validated for traversal outside of the destination directory, allowi...

8.1CVSS6.4AI score0.025EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying image metadata in formats such as Exif, IPTC, XMP, and ICC. A buffer overflow vulnerability has been discovered in Exiv2 versions v0.27.3 and earlier. This vulnerability occurs when Exiv2 is used to writ...

2.6CVSS6.8AI score0.01677EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

In versions 7.7 through 7.76.1 of curl, there is an information disclosure issue when the -t command-line option, referred to as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. This issue arises due to a flaw in the option parser for sending NEWENV...

3.1CVSS6.8AI score0.04385EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in JQuery

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in JQuery

In jQuery, starting from version 1.12.0 and before 3.5.0, passing HTML from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

6.9CVSS6.6AI score0.99019EPSS
Exploits7References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in http-parser

HTTP request smuggling in Node.js versions 10, 12, and 13 causes the delivery of malicious payloads when transfer-encoding is malformed...

9.8CVSS7.5AI score0.57132EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86: Shadow stacks – proper error handling for mmap lock Kim Young-min reported that shstkpopsigframe does not check for errors from mmapreadlockkillable. This is a silly oversight. It was also shown that we have not marked...

5.5CVSS6.3AI score0.00114EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: fixed the PREEMPTRT raw/bh spinlock nesting issue for async VC handling The code has been changed to use a local lock instead of the raw spinlock provided by the completion structure in the idpfvcxn struct. This conversion ...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: The backing store type is set based on the query type. The bnxthwrmfuncbackingstoreqcapsv2 function stores resp-type from the firmware response in ctxm-type. This value is then used to index fixed backing-store metadata...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the mm/pagealloc function, the clearpage-private operation is performed in freepagesprepare. Several subsystems slub, shmem, ttm, etc. use page-private, but they do not clear it before freeing pages. When these pages are later...

7.8CVSS5.7AI score0.0013EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: If hcicmdsyncqueueonce returns -EEXIST, it indicates that a queue item already exists. The hcicmdsyncqueueonce function needs to indicate whether a queue item was added, so that the caller can know if...

5.5CVSS6AI score0.00107EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Python 3.11, Python 3.7

User-controlled header names and values containing newlines can allow for the injection of HTTP headers...

5.9CVSS6.7AI score0.00463EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Memory: mtk-smi – fixed device leaks during the common probe. Make sure to remove the references made when checking the SMI device during a common probe after a late probe failure e.g., probe deferral, as well as during driver...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipvs: Fixed the NULL dereference in the error path of ipvsaddservice. When ipvsbindscheduler successfully calls ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the cleanup code...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Fuse: Fixed corruption of the io-uring list for terminated, uncommitted requests. When a request terminates before it has been committed, the request is not removed from the queue’s list. This results in a dangling list entry,...

5.4AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in golang-golang-x-oauth2

An attacker can pass a maliciously malformed token, causing unexpected memory consumption during parsing...

7.5CVSS6.4AI score0.00804EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fixed the issue where global state locks were locked backoff. We need to acquire the lock after the early return in the !hwpipe case. Otherwise, we might encounter contention but still return 0. This fix addresses a...

5.5CVSS6.1AI score0.00158EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: For bpf on x86 architecture, there’s a fix for the issue where bpfprogpack isn’t properly freed after it’s deallocated. The syzbot reported several issues with bpfprogpack 1, 2. This issue only occurs when multiple subprogs ar...

7.8CVSS6.4AI score0.00211EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in unbound, bind9, and dnsmasq

Certain aspects of the DNS protocol’s DNSSEC mechanism described in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service attack by manipulating one or more DNSSEC responses. This issue is known as the “KeyTrap” problem. One of the concerns is that, when...

7.5CVSS7.1AI score0.99995EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in wavpack

WavPack 5.3.0 has a buffer overflow vulnerability in WavpackPackSamples in packUtils.c, due to an integer overflow in a malloc argument. NOTE: Some third-party developers claim that there are later “unofficial” versions up to 5.3.2, which are also affected...

6.1CVSS6.8AI score0.01196EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Apache2

A regression in Apache HTTP Server 2.4.60 ignores some uses of the legacy content-type-based configuration for handlers. Configurations like “AddType” and similar settings, under certain circumstances where files are requested indirectly, can lead to exposure of local content in the source code...

6.2CVSS6.5AI score0.00889EPSS
Exploits0References2
Total number of security vulnerabilities18102