Lucene search
+L
AstralinuxRecent

18102 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Vim

NULL pointer dereferencing in the GitHub repository for vim/vim before version 9.0.1531...

7.8CVSS6.7AI score0.00462EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems such as OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS without a message size limit may...

6.5CVSS6.7AI score0.75116EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates that contain multiple actions separated by a '/' character may cause the CSS context to close unexpectedly, allowing for the injection of unexpected HTML, if executed with untrusted input...

7.3CVSS6.7AI score0.01037EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19

Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...

9.8CVSS6.8AI score0.02281EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Golang-1.19

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Golang-1.19

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return incorrect results if called with certain specific unreduced scalars scalars that are larger than the order of the curve. This does not affect the usage of crypto/ecdsa or crypto/ecdh...

5.3CVSS6.7AI score0.00817EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

Incorrect verifier pruning in the BPF module of the Linux kernel version 5.4 and above leads to unsafe code paths being incorrectly marked as safe. This results in arbitrary read/writes to kernel memory, lateral privilege escalation, and container escapes...

10CVSS7.2AI score0.03546EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel through version 6.0.10. In the file drivers/media/dvb-core/dvbcaen50221.c, a use-after-free condition can occur due to the lack of a waitevent after a disconnection occurs...

7CVSS6.6AI score0.00252EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Golang-1.19

There is a path traversal vulnerability in the filepath.Clean function on Windows. On Windows, the filepath.Clean function could transform an invalid path such as “a/../c:/b” into the valid path “c:\b”. This transformation of a relative if invalid path into an absolute path could enable a directo...

7.5CVSS7.1AI score0.01678EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...

8.8CVSS6.9AI score0.41409EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in libssh2

In libssh2 before version 1.9.0, the kexmethoddiffiehellmangroupexchangesha256keyexchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...

8.1CVSS7.7AI score0.11659EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in sudo

Before version 1.9.13, sudo did not escape control characters in the sudoreplay output...

5.3CVSS5.6AI score0.00953EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in sudo

Before version 1.9.13, Sudo did not escape control characters in log messages...

5.3CVSS5.5AI score0.00915EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.17 views

Astra Linux – Vulnerability in Wireshark

The GQUIC dissector crash in Wireshark versions 4.0.0 to 4.0.4, and 3.6.0 to 3.6.12 allows for denial of service through packet injection or malicious capture files...

6.5CVSS6.8AI score0.01001EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...

6.5CVSS7.1AI score0.01486EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

6.5CVSS6.5AI score0.0131EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures...

6.5CVSS6.6AI score0.00831EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in protobuf-c

It was discovered that Protobuf-c v1.4.0 contains an invalid arithmetic shift through the parsetagandwiretype function in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service DoS attack through unspecified vectors...

5.5CVSS6.3AI score0.01065EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in binutils

A issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in the processmipsspecific function in readelf.c, due to a malformed MIPS option section...

7.8CVSS7AI score0.01976EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in binutils

“rememberKtype” in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM. This can occur during the execution of cxxfilt...

7.5CVSS7.1AI score0.03252EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in binutils

The demangletemplate function in cplus-dem.c within GNU libiberty, as part of GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM during the “Create an array for saving the template argument values” XNEWVEC call. This can occur during the execution of...

7.5CVSS7.1AI score0.0669EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel before version 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free condition, as “accept” is also allowed for a successfully connected AFNETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing...

6.7CVSS6.8AI score0.0027EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

9.1CVSS7.5AI score0.05493EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users can issue HRANDFIELD or ZRANDMEMBER commands with specially crafted arguments to trigger a denial-of-service attack, causing Redis to crash due to an assertion failure. This vulnerability affects Redis versions 6.2 or...

5.5CVSS5.8AI score0.69355EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...

4.7CVSS6.6AI score0.00184EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

There is a use-after-free vulnerability in the Linux Kernel that can be exploited to achieve local privilege escalation. To exploit this vulnerability, the CONFIGTLS or CONFIGXFRMESPINTCP kernel configuration flags must be set; however, the operation does not require any special privileges. There...

7.8CVSS6.7AI score0.00652EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...

5.3CVSS6.6AI score0.0072EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

7.8CVSS6.2AI score0.00189EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start The ieee80211txbasessionhandlestart function may return NULL for sdata when a deauthentication process is ongoing. Here is a trace that illustrates the race condition involving...

5.5CVSS6.1AI score0.00245EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Do not remove the map from createprocess and devicerelease functions. Do not remove the map from the list during the error handling in fastrpcinitcreateprocess. Instead, call fastrpcmapput to avoid a...

7.8CVSS6.2AI score0.00241EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users who execute specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, causing Redis to attempt to allocate an impossible amount of memory and result in a Memory Out of Control OOM panic. This issue...

5.5CVSS5.9AI score0.33269EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in gst-plugins-good1.0

DOS: Potential heap overwrite during MKV demuxing using HEADERSTRIP decompression. Integer overflow occurs in the matroskaparse element within the gstmatroskadecompressdata function, leading to a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, this overflow cannot ...

7.8CVSS7.3AI score0.00445EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in gst-plugins-good1.0

Integer overflow in the avidemux element within the gstavidemuxinvert function, which allows for a heap overwrite during the parsing of AVI files. There is a potential for arbitrary code execution due to the heap overwrite...

7.8CVSS7.7AI score0.00465EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Tiff

Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through the use of the extractContigSamplesShifted8bits function, located at /libtiff/tools/tiffcrop.c:3753...

5.5CVSS6.8AI score0.00345EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Git

Git, a version control system, is vulnerable to path traversal before versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By providing a crafted input to git apply, it is possible to overwrite paths outside of the working tree, as long as the user running...

7.5CVSS7AI score0.01144EPSS
Exploits3References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Node.js

There is a vulnerability related to untrusted search paths in Node.js. Versions 19.6.1, 18.14.1, 16.19.1, and 14.21.3 may allow an attacker to search for data and potentially load ICU data when running with elevated privileges...

4.2CVSS6.7AI score0.00471EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in sudo

In Sudo before 1.9.12p2, the sudoedit also known as -e feature improperly handles additional arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process. This can lead to...

7.8CVSS7.5AI score0.55367EPSS
Exploits20References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in TIF format

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3724 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...

6.8CVSS6.7AI score0.00435EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in TIF format

LibTIFF 4.4.0 contains an out-of-bounds read in tiffcrop at line 3400 of tools/tiffcrop.c, allowing attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile LibTIFF from source code, the fix is available in the commit afaabc3e...

6.8CVSS6.8AI score0.00421EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Wireshark

The TIPC dissector crashes in Wireshark versions 4.0.0 to 4.0.2, and 3.6.0 to 3.6.10. This issue allows for denial of service through packet injection or malicious capture files...

7.1CVSS7AI score0.00825EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Wireshark

Excessive loops in multiple dissectors in Wireshark versions 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture files...

6.5CVSS6.8AI score0.00887EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A NULL pointer dereference flaw was discovered in the rawv6pushpendingframes function in net/ipv6/raw.c within the network subcomponent of the Linux kernel. This flaw can cause the system to crash...

5.5CVSS6.7AI score0.01016EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in OpenSSL

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support SMIME, CMS, and PKCS7 streaming capabilities. However, it can also be called directly by end-user applications. This function receives a BIO from...

7.5CVSS7AI score0.04494EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Vim

A null pointer dereferencing issue was discovered in the function guix11createblankmouse in guix11.c in vim 8.1.2269 through 9.0.0339. This issue allows attackers to cause denial of service or other unspecified impacts...

7.8CVSS7.1AI score0.0026EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in libsoup2.4

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives an HTTP response with a status code of 401 Unauthorized, which contains a specially crafted domain parameter within the WWW-Authenticate header...

4.3CVSS6.6AI score0.00324EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed a double-free operation in the delayedfree function. The double-free could occur at the following paths: c exfatcreateupcasetable exfatcreateupcasetable : Return error exfatfreeupcasetable : Free -volutbl...

7.8CVSS5.8AI score0.00156EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in Oracle Java SE Component: Compiler. The supported versions affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. This vulnerability is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to compromise...

4.8CVSS6.4AI score0.00522EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.15

A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...

5.9CVSS7.3AI score0.00149EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19

A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...

5.3CVSS6.8AI score0.01208EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in binutils

A flaw was discovered in Binutils. The use of an uninitialized field in the struct module module may cause the application to crash and lead to a local denial of service...

5.5CVSS5.3AI score0.00376EPSS
Exploits1References2
Total number of security vulnerabilities18102