Lucene search
+L
AstralinuxRecent

18102 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.14 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This easily exploitable...

5.3CVSS6AI score0.01746EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in OpenSSL

AES OCB mode for 32-bit x86 platforms, using the AES-NI assembly-optimized implementation, may not encrypt all of the data under certain circumstances. This could reveal sixteen bytes of data that were already present in the memory but were not written. In the special case of “in-place” encryptio...

5.3CVSS6.6AI score0.04425EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in vsftpd

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers that implement different protocols but use compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker, who has access to the victim’s traffic at the TCP/IP layer, can redirect...

7.4CVSS7AI score0.02037EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in http-parser

Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5CVSS6.9AI score0.16296EPSS
Exploits2References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Firefox

Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 106. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execut...

8.8CVSS8.3AI score0.00568EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

If an out-of-memory condition occurs when creating a JavaScript global, the JavaScript realm may be deleted, while references to it still exist in the BaseShape. This could lead to a use-after-free situation, potentially causing a exploitable crash. This vulnerability affects Firefox ESR 102.5,...

9.8CVSS7.1AI score0.01061EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 105 and Firefox ESR 102.3. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...

8.8CVSS7.7AI score0.00712EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in grub2

When rendering certain Unicode sequences, Grub2’s font code does not properly validate whether the width and height of the glyph are within the bitmap size. As a result, an attacker can create an input that will cause an out-of-bounds write to Grub2’s heap, leading to memory corruption and...

7.1CVSS7.4AI score0.00872EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsbmaplookupatlevel in the file fs/nilfs2/inode.c of the nilfs2 component. Manipulation of this function can lead to a null pointer dereference. The attack can be launched...

6.5CVSS5.7AI score0.01218EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A vulnerability has been discovered in the Linux kernel. It has been identified as a problem. The vulnerability affects the intrcallback function in the drivers/net/usb/r8152.c file of the BPF component. Manipulation of this function results in the logging of excessive data. The attack can be...

5.3CVSS6.5AI score0.02211EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in ncurses

ncurses 6.3 before patch 20220416 contains a buffer overflow vulnerability and segmentation violation in the convertstrings function in the tinfo/readentry.c file of the terminfo library...

7.1CVSS7AI score0.01341EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Apache2

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody0 may cause a denial of service due to the lack of a default limit on the possible input size...

7.5CVSS7.2AI score0.05678EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in grub2

A buffer overflow was detected in grubfontconstructglyph. A maliciously crafted pf2 font can cause an overflow when calculating the maxglyphsize value. This results in allocating a buffer that is smaller than necessary for the glyph, leading to another buffer overflow and an out-of-bounds write t...

8.6CVSS7.1AI score0.00514EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

7.5CVSS7AI score0.19008EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ruby-Nokogiri

Nokogiri is an open-source XML and HTML library for Ruby. Nokogiri contains a regular expression that is inefficient and prone to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri = 1.13.4. There are no known solutions to this...

7.5CVSS7AI score0.03549EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Tomcat9

The fix for the bug CVE-2020-9484 introduced a “time of check, time of use” vulnerability in Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56, and 8.5.55 to 8.5.73 versions of Tomcat. This vulnerability allowed a local attacker to perform actions with the privileges of...

7CVSS7.4AI score0.00692EPSS
Exploits16References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in e2fsprogs

A out-of-bounds read/write vulnerability was discovered in e2fsprogs 1.46.5. This issue results in a segmentation fault and may allow for arbitrary code execution through a specially crafted filesystem...

7.8CVSS7.5AI score0.01382EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in unzip

A flaw was discovered in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, resulting in an out-of-bound write operation on the heap. This flaw allows an attacker to submit a specially crafted zip file, causing a crash or code execution...

5.5CVSS6.7AI score0.02108EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in sudo

In Sudo version 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a non-existent user by executing sudo with a numerical UID that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability, as executing a command via sudo a...

7.5CVSS6.9AI score0.03295EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array BUGs: KMSAN: uninit-value in nlavalidaterangeunsigned, lib/nlattr.c:222 inline BUGs: KMSAN: uninit-value in nlavalidateintrange, lib/nlattr.c:336 inline BUGs: KMSAN:...

5.5CVSS5.2AI score0.00223EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1

An integer overflow flaw was discovered in the Linux kernel. This issue causes the kernel to allocate skbsharedinfo in the user space, which can be exploited in systems without SMAP protection, as skbsharedinfo contains references to function pointers...

5.5CVSS6.2AI score0.00266EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A use-after-free vulnerability was discovered in the Linux kernel’s ext4 file system, particularly regarding the handling of the additional inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...

6.7CVSS6.7AI score0.00245EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: zonefs: fixed zonefsiomapbegin for reads. If a readahead operation is issued on a sequential zone file with an offset that exactly equals the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent any I/O...

7.1CVSS6.1AI score0.00252EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Netfilter: Use getrandomu32 instead of prandom. This issue may occur when updating the per-cpu rndstate from a user context, i.e., the localout path. BUG: Using smpprocessorid in preemptible 00000000 code: nginx/2725. Caller is...

7.8CVSS6AI score0.0029EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: cgroup: Use separate source/destination nodes when preloading csssets for migration. Each cssset is associated with its corresponding tasks. When moving tasks between csssets during a migration, we need to keep the source and...

7.8CVSS6AI score0.00281EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: sfc: Fixed an issue where a use-after-free occurred when disabling sriov. The use-after-free was detected by kfence when disabling sriov. What was read after it was freed was vf-pcidev: it was freed from pcidisablesriov, and...

7.8CVSS6.3AI score0.0026EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ath10k: Skip ath10khalt during suspend for the driver state RESTARTING. A double-free crash occurs when FW recovery caused by wmi timeout/crash is followed by an immediate suspend event. FW recovery is triggered by...

7.8CVSS6.1AI score0.00266EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fixed the count check in rproccoredumpwrite. The check for the count being 0 was corrected to avoid a potential underflow. The check is identical to that in rprocrecoverywrite...

7.1CVSS6.2AI score0.00252EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: mISDN: Fixed a memory leak in dsppipelinebuild. dsppipelinebuild allocates a dup pointer using kstrdupcfg, but then it updates the dup variable using strsep&dup, “|”. As a result, when it calls kfreedup, the dup variable...

5.5CVSS6.2AI score0.00247EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: A use-after-free issue was addressed for aborted SSP/STP SAS tasks. Currently, a use-after-free may occur if a SAS task is aborted by the upper layer before we handle the I/O completion in mpisspcompletion or...

7.8CVSS6.2AI score0.00238EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed error handling in ext4fcrecordmodified inode. The current code does not properly handle the krealloc error case, which could lead to silent memory corruption or a kernel bug. This patch addresses this issue...

7.8CVSS5.6AI score0.00228EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Use VMMAP instead of VMALLOC for the ringbuf area. After the commit 2fd3fb0be1d1 “KASAN, vmalloc: Unpoison VMALLOC pages after mapping”, non-VMALLOC mappings will be marked as accessible in getvmareanode when KASAN is enable...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: vt: Fixed memory overlap issues when deleting characters from the buffer. A memory overlap copy occurs when deleting a long line. This memory overlap can lead to data corruption when scrmemcpyw is optimized to memcpy, because...

5.5CVSS6.3AI score0.00278EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

A issue was discovered in the Linux kernel before version 6.0.11. Missing validation of the IEEE80211P2PATTROPERCHANNEL in the drivers/net/wireless/microchip/wilc1000/cfg80211.c file within the WILC1000 wireless driver can lead to a out-of-bounds write when parsing the channel list attribute from...

7.8CVSS6.7AI score0.00298EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A flaw in incorrect access control in the Linux kernel’s USB core subsystem was discovered in the way users attach USB devices. A local user could exploit this flaw to crash the system...

5.5CVSS6.7AI score0.00317EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...

7.5CVSS6.7AI score0.22791EPSS
Exploits2References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A issue was discovered in the Linux kernel through version 5.18.14. The xfrmexpandpolicies function in net/xfrm/xfrmpolicy.c can cause the refcount to be dropped twice...

5.5CVSS6.6AI score0.00309EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A vulnerability was discovered in the Linux kernel. It has been classified as critical. This issue affects the devlinkparamset/devlinkparamget functions in the net/core/devlink.c file of the IPsec component. The vulnerability allows for exploitation after memory allocation. It is recommended that...

7.8CVSS6.5AI score0.00316EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A NULL pointer dereference flaw exists in the diFree function in the fs/jfs/inode.c file of the Journaled File System JFS in the Linux kernel. This flaw could allow a local attacker to crash the system or leak internal kernel information...

7.1CVSS6.7AI score0.00244EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

The Linux kernel before version 5.17.2 mishandles seccomp permissions. The PTRACESEIZE code path allows attackers to bypass the intended restrictions on setting the PTSUSPENDSECCOMP flag...

7.8CVSS6.7AI score0.00798EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in grub2

There is a use-after-free vulnerability in the grubcmdchainloader function. The chainloader command is used to boot up operating systems that do not support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered...

7.8CVSS8.3AI score0.00289EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in curl

libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...

7.5CVSS6.6AI score0.02596EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

libcurl provides the CURLOPTCERTINFO option to allow applications to request details about a server’s certificate chain. Due to a faulty function, a malicious server could cause libcurl, built with NSS, to get stuck in an endless busy-loop when attempting to retrieve that information...

7.5CVSS6.9AI score0.02434EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.9 and earlier contains a segmentation fault due to the component sql/sqlwindow.cc...

7.5CVSS7.6AI score0.02174EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Freetype

It was discovered that commit 53dfdcd8198d2b3201a23c4bad9190519ba918db of FreeType contains a segmentation violation due to the FNTSizeRequest function...

7.5CVSS7.2AI score0.02816EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Freetype

It was discovered that commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 of FreeType contains a segmentation violation due to the FTRequestSize function...

7.5CVSS7.2AI score0.0339EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable” to cause a NULL pointer dereference. Version 5.9.2 includes a patch to addres...

6.5CVSS6.8AI score0.01131EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could exploit an improper input validation vulnerability when setting malformed OIDs in both the master agent and subagent simultaneously. Version 5.9.2...

6.5CVSS6.6AI score0.01052EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.18 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2, an...

5.9CVSS6.7AI score0.02062EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected include Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2, and 22.1.0. This easily...

5.3CVSS6.5AI score0.0296EPSS
Exploits0References1
Total number of security vulnerabilities18102