Lucene search
+L
AstralinuxRecent

18102 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...

8.8CVSS6.9AI score0.41409EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in libssh2

In libssh2 before version 1.9.0, the kexmethoddiffiehellmangroupexchangesha256keyexchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...

8.1CVSS7.7AI score0.11659EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in sudo

Before version 1.9.13, sudo did not escape control characters in the sudoreplay output...

5.3CVSS5.6AI score0.00953EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in sudo

Before version 1.9.13, Sudo did not escape control characters in log messages...

5.3CVSS5.5AI score0.00915EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.17 views

Astra Linux – Vulnerability in Wireshark

The GQUIC dissector crash in Wireshark versions 4.0.0 to 4.0.4, and 3.6.0 to 3.6.12 allows for denial of service through packet injection or malicious capture files...

6.5CVSS6.8AI score0.01001EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...

6.5CVSS7.1AI score0.01486EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

6.5CVSS6.5AI score0.0131EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures...

6.5CVSS6.6AI score0.00831EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in protobuf-c

It was discovered that Protobuf-c v1.4.0 contains an invalid arithmetic shift through the parsetagandwiretype function in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service DoS attack through unspecified vectors...

5.5CVSS6.3AI score0.01065EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in binutils

A issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in the processmipsspecific function in readelf.c, due to a malformed MIPS option section...

7.8CVSS7AI score0.01976EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in binutils

“rememberKtype” in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM. This can occur during the execution of cxxfilt...

7.5CVSS7.1AI score0.03252EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in binutils

The demangletemplate function in cplus-dem.c within GNU libiberty, as part of GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM during the “Create an array for saving the template argument values” XNEWVEC call. This can occur during the execution of...

7.5CVSS7.1AI score0.0669EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel before version 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free condition, as “accept” is also allowed for a successfully connected AFNETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing...

6.7CVSS6.8AI score0.0027EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

9.1CVSS7.5AI score0.05493EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users can issue HRANDFIELD or ZRANDMEMBER commands with specially crafted arguments to trigger a denial-of-service attack, causing Redis to crash due to an assertion failure. This vulnerability affects Redis versions 6.2 or...

5.5CVSS5.8AI score0.69355EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...

4.7CVSS6.6AI score0.00184EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

There is a use-after-free vulnerability in the Linux Kernel that can be exploited to achieve local privilege escalation. To exploit this vulnerability, the CONFIGTLS or CONFIGXFRMESPINTCP kernel configuration flags must be set; however, the operation does not require any special privileges. There...

7.8CVSS6.7AI score0.00652EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...

5.3CVSS6.6AI score0.0072EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

7.8CVSS6.2AI score0.00189EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start The ieee80211txbasessionhandlestart function may return NULL for sdata when a deauthentication process is ongoing. Here is a trace that illustrates the race condition involving...

5.5CVSS6.1AI score0.00245EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Do not remove the map from createprocess and devicerelease functions. Do not remove the map from the list during the error handling in fastrpcinitcreateprocess. Instead, call fastrpcmapput to avoid a...

7.8CVSS6.2AI score0.00241EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users who execute specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, causing Redis to attempt to allocate an impossible amount of memory and result in a Memory Out of Control OOM panic. This issue...

5.5CVSS5.9AI score0.33269EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in gst-plugins-good1.0

DOS: Potential heap overwrite during MKV demuxing using HEADERSTRIP decompression. Integer overflow occurs in the matroskaparse element within the gstmatroskadecompressdata function, leading to a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, this overflow cannot ...

7.8CVSS7.3AI score0.00445EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in gst-plugins-good1.0

Integer overflow in the avidemux element within the gstavidemuxinvert function, which allows for a heap overwrite during the parsing of AVI files. There is a potential for arbitrary code execution due to the heap overwrite...

7.8CVSS7.7AI score0.00465EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Tiff

Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through the use of the extractContigSamplesShifted8bits function, located at /libtiff/tools/tiffcrop.c:3753...

5.5CVSS6.8AI score0.00345EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Git

Git, a version control system, is vulnerable to path traversal before versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By providing a crafted input to git apply, it is possible to overwrite paths outside of the working tree, as long as the user running...

7.5CVSS7AI score0.01144EPSS
Exploits3References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Node.js

There is a vulnerability related to untrusted search paths in Node.js. Versions 19.6.1, 18.14.1, 16.19.1, and 14.21.3 may allow an attacker to search for data and potentially load ICU data when running with elevated privileges...

4.2CVSS6.7AI score0.00471EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in sudo

In Sudo before 1.9.12p2, the sudoedit also known as -e feature improperly handles additional arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process. This can lead to...

7.8CVSS7.5AI score0.55367EPSS
Exploits20References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in TIF format

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3724 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...

6.8CVSS6.7AI score0.00435EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in TIF format

LibTIFF 4.4.0 contains an out-of-bounds read in tiffcrop at line 3400 of tools/tiffcrop.c, allowing attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile LibTIFF from source code, the fix is available in the commit afaabc3e...

6.8CVSS6.8AI score0.00421EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Wireshark

The TIPC dissector crashes in Wireshark versions 4.0.0 to 4.0.2, and 3.6.0 to 3.6.10. This issue allows for denial of service through packet injection or malicious capture files...

7.1CVSS7AI score0.00825EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Wireshark

Excessive loops in multiple dissectors in Wireshark versions 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture files...

6.5CVSS6.8AI score0.00887EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A NULL pointer dereference flaw was discovered in the rawv6pushpendingframes function in net/ipv6/raw.c within the network subcomponent of the Linux kernel. This flaw can cause the system to crash...

5.5CVSS6.7AI score0.01016EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in OpenSSL

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support SMIME, CMS, and PKCS7 streaming capabilities. However, it can also be called directly by end-user applications. This function receives a BIO from...

7.5CVSS7AI score0.04494EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Vim

A null pointer dereferencing issue was discovered in the function guix11createblankmouse in guix11.c in vim 8.1.2269 through 9.0.0339. This issue allows attackers to cause denial of service or other unspecified impacts...

7.8CVSS7.1AI score0.0026EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in libsoup2.4

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives an HTTP response with a status code of 401 Unauthorized, which contains a specially crafted domain parameter within the WWW-Authenticate header...

4.3CVSS6.6AI score0.00324EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed a double-free operation in the delayedfree function. The double-free could occur at the following paths: c exfatcreateupcasetable exfatcreateupcasetable : Return error exfatfreeupcasetable : Free -volutbl...

7.8CVSS5.8AI score0.00156EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in Oracle Java SE Component: Compiler. The supported versions affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. This vulnerability is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to compromise...

4.8CVSS6.4AI score0.00522EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.15

A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...

5.9CVSS7.3AI score0.00149EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19

A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...

5.3CVSS6.8AI score0.01208EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in binutils

A flaw was discovered in Binutils. The use of an uninitialized field in the struct module module may cause the application to crash and lead to a local denial of service...

5.5CVSS5.3AI score0.00376EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in NTP

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when a \0' character is added. An adversary may be able to attack a client ntpq process, but they cannot attack the ntpd process...

5.6CVSS7.1AI score0.00645EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in OpenSSL

The function X509VERIFYPARAMadd0policy is documented as implicitly enabling the certificate policy check during certificate verification. However, the implementation of this function does not actually enable the policy check, allowing certificates with invalid or incorrect policies to pass the...

5.3CVSS6.7AI score0.01625EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in libonig

A NULL pointer dereference in the matchat function in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause a denial of service by providing a crafted regular expression. Oniguruma vulnerabilities often affect Ruby, as well as common optional libraries used in PHP and Rust...

6.5CVSS6.5AI score0.02129EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allows user copy to flash block cache objects With hardened usercopy enabled CONFIGHARDENEDUSERCOPY=y, using the /proc/powerpc/rtas/firmwareupdate interface to prepare a system firmware update results in a BUG:...

7.8CVSS5.4AI score0.00153EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in mdbitmapgetcounter If we write a large number to md/bitmapsetbits, mdbitmapcheckpage will return -EINVAL because ‘page = bitmap-pages’. However, the returned value was not checked immediatel...

7.1CVSS5.2AI score0.00183EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copying the entire header to the stack buffer, not just the basic header Eric Dumazet states that: nfconntrackdccppacket has a unique mechanism: dh = skbheaderpointerskb, dataoff, sizeofdh, &dh; And...

7.1CVSS6.1AI score0.00139EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igb: Fixed the issue where igbdown got hung when removing the Thunderbolt hub. In a setup where a Thunderbolt hub is connected to Ethernet and a display via USB Type-C, users may experience a task-hanging timeout when they remove...

7.8CVSS6AI score0.00155EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Containerd

Containerd is an open-source container runtime. Prior to versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where no limit was applied could cause a denial of service. This bug ha...

6.2CVSS6.3AI score0.00363EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where attempting to copy files using docker cp into a specially crafted container can result in changes to Unix file permissions for existing files in the host’s...

6.3CVSS6AI score0.0027EPSS
Exploits0References2
Total number of security vulnerabilities18102