Lucene search
K
AstralinuxRecent

18095 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in libsoup3

There is a vulnerability related to request smuggling in LibSoup’s HTTP/1 header parsing logic. The soupmessageheaders.AppendCommon function in libsoup/soup-message-headers.c appends each header value unconditionally, without checking for duplicates or conflicting Content-Length fields. This allo...

5.3CVSS5.8AI score0.00321EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in Proxy in Google Chrome before version 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: Critical...

8.3CVSS7.5AI score0.00201EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in GIMP

GIMP ICO File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...

8.8CVSS7.6AI score0.01157EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Chromium

Before version 147.0.7727.55, reading and writing outside the bounds of V8 in Google Chrome allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.9AI score0.00379EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Chromium

The use of after-free in WebRTC in Google Chrome before version 147.0.7727.55 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS8AI score0.0048EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: erofs: Proper handling of the end of the filesystem is required for file-backed mounts. I/O requests that go beyond the end of the filesystem should be set to zero, similar to the behavior of loopback devices. This is what we...

5.7AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Chromium

A cryptographic flaw in PDFium in Google Chrome prior to version 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs through a brute-force attack. Chromium security severity: Medium...

4.3CVSS6.9AI score0.00102EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Chromium

The use of after-free in Forms in Google Chrome before version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00323EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in openexr

OpenEXR provides the specification and reference implementation of the EXR file format, a image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, the per-pixel totals are accumulated in vectors of unsigned integers, called totalsizes. These totalsizes are wrapp...

8.4CVSS7AI score0.00201EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Python 3.11

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Since Python-Markdown does not catch this exception, any application that processes Markdown controlled by...

8.2CVSS5.8AI score0.00566EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to version 1.16.4, the Flatpak portal allowed paths in the sandbox-expose options, which could be app-controlled symbolic links pointing to arbitrary paths. Flatpak’s “flatpak run” command mounted the resolved host path i...

10CVSS7.8AI score0.0168EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Python 3.11

When folding a long comment within an email header that contains only printable characters, the parentheses will not be preserved. This can be exploited to inject headers into email messages where the addresses are controlled by users and not sanitized...

5.7CVSS7AI score0.0055EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in Firefox and Thunderbird

DOM spoofing issue: Copy & Paste and Drag & Drop components. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.4CVSS5.8AI score0.00261EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Python 3.11

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class, and therefore does not use io.opencode to read the .pyc files. As a result, the sys.audit handlers for this audit event do not trigger...

5.7CVSS6AI score0.00202EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Chromium

In ServiceWorkers of Google Chrome prior to version 147.0.7727.55, bypassing the content security policy was possible when a remote attacker used a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00166EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in pypdf2

pypdf is a free and open-source Python-based PDF library. Prior to version 6.7.2, an attacker who exploited this vulnerability could create a PDF that would lead to an infinite loop. This required reading the file. This issue has been fixed in pypdf 6.7.2. As a workaround, one can manually apply...

7.5CVSS6.6AI score0.00346EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverexecuteresult indexed the global errorcodenames array 7 elements, indices 0–6 using an unchecked execResult-execResult value received from the server. This led to a potential out-of-bounds read...

7.5CVSS5.8AI score0.00454EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to version 1.16.4, the caching mechanism for ld.so removed outdated cache files without properly checking whether the app’s control over the path to the outdated cache was valid within the cache directory. This allowed...

8.7CVSS7.1AI score0.00323EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.15 views

Astra Linux – Vulnerability in ORC

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file using the affected ORC compiler, arbitrary code may be executed on the developer’s build environment. This may result in compromise ...

7CVSS7.4AI score0.00379EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there was a heap-buffer-overflow vulnerability at 24 bytes before the allocation, in the function winpralignedoffsetrecalloc. This issue has been fixed in version 3.24.2...

8.1CVSS5.7AI score0.00191EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed a memory leak in the GETDATADIRECTSYSFSPATH handler. The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceed...

5.5CVSS5.9AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fixed a memory leak in dwi3cmasteri2cxfers The dwi3cmasteri2cxfers function allocates memory for the xfer structure using dwi3cmasterallocxfer. If pmruntimeresumeandget fails, the function returns without freeing the...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a C++ library and a command-line utility for reading, writing, deleting, and modifying image metadata in formats such as Exif, IPTC, XMP, and ICC. Prior to version 0.28.8, a buffer overflow vulnerability was discovered in Exiv2. The vulnerability lies in the preview component, which only...

7.5CVSS6.8AI score0.00367EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: Added an seqadj extension for natted connections. Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. This is due to the need to rewrite the packet payload IP, port on the ftp control...

5.9AI score0.00173EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Chromium

The use of after-free in CSS in Google Chrome before version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00341EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Chromium

The use of after free in Dawn in Google Chrome before version 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

8.3CVSS7.3AI score0.00251EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Chromium

The use of after-free in Cast in Google Chrome before version 147.0.7727.101 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00341EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in libsoup3

A flaw was discovered in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary...

5.8CVSS6.3AI score0.00298EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Chromium

Before version 146.0.7680.153, read and write operations in WebGL in Google Chrome allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00324EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh. The API function sshgethexa is vulnerable to a denial-of-service attack when processing zero-length inputs. This vulnerability can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication, if the...

8.2CVSS6.5AI score0.00582EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Chromium

The use of after-free in navigation in Google Chrome before version 147.0.7727.55 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the owner of the durable handle upon reconnection. Currently, ksmbd does not verify whether the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any...

8.8CVSS5.7AI score0.00437EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: CGX: fix bitmap leaks The RX/TX flow-control bitmaps rxfcpfvfbmap and txfcpfvfbmap are allocated by cgxlmacinit, but never freed in cgxlmacexit. Unbinding and rebinding the driver therefore triggers a kmemleak:...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Added a sanity check for OOB writes during silencing. During silencing, the playback URB packets are processed in the implicit fb mode before actual playback. We assume blindly that the received packets fit withi...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed a double-free in rxesrqfrominit. In rxesrqfrominit, the queue pointer ‘q’ is assigned to ‘srq-rq.queue’ before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dlm: Length validation in dlmsearchrsbtree was added. The len parameter in dlmdumprsbname is not validated and comes from network messages. When this parameter exceeds DLMRESNAMEMAXLEN, it may cause an out-of-bounds write in...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in firewalld

A flaw was discovered in firewalld. A local unprivileged user can exploit this vulnerability by improperly authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This improper authorization allows the user to modify the runtime firewall state without proper...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fixed a use-after-free in bondxmitbroadcast. bondxmitbroadcast reuses the original skb for the last slave determined by bondislastslave and clones it for others. Concurrent slave enslave/release operations can mutat...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fstcardinfo is deallocated in fstremoveone. However, the fsttxtask or fstinttask may still be running ...

8.8CVSS5.8AI score0.00387EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xhci: Fixed a NULL pointer dereference issue when reading PortLib’s debugfs files. Michal reported and debugged a NULL pointer dereference bug in the recently added PortLib’s debugfs files. The issue occurs when there are more po...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fixed access to stale wptr mapping. Use drmexec to take both locks—i.e., vmrootbo and wptrobjbo—to properly access the mapping data. This fixes the security issue where wptrobj is unmapped while a queue creation...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - In net: The variable sk-skfamily was read once in the function skmcloop. - syzbot is frequently using IPV6ADDRFORM; it managed to trigger the WARNONONCE1 function in skmcloop. We still have many more similar issues that need...

6AI score0.00216EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed a leak in the attachment of DMA buffers in xegemprimeimport. When xedmabufinitobj fails, the attachment from dmabufdynamicattach is not detached. Add dmabufdetach before returning an error. Note: We cannot use goto...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Validated the length of inherited ACE SIDs. smbinheritdacl iterates through the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the correct SID header before using it,...

8.8CVSS6AI score0.00408EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The use of commitmutex in the reset path has been removed. This issue causes a circular lock dependency between the commitmutex, nfnlsubsysipset, and nlkcbmutex when performing nft reset, listing IP sets, or...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher – default implementation for setting a private key Changes from v1: - The default implementation of setpubkey was removed. It is assumed that an implementation must always have this callback defined, as there are...

6AI score0.00211EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in ffmpeg5

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, decompress and decode it into the buffer td-rlerawdata of size rlerawsize a...

6.9CVSS6.6AI score0.0016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed an integer overflow in aie2queryctxstatusarray. The unpublished smatch static checker reported a warning. In drivers/accel/amdxdna/aie2pci.c, line 904 of aie2queryctxstatusarray: Warning: Potential...

6.6AI score0.00152EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netlink: fixed a potential deadlock in netlinkseterr syzbot reported a possible deadlock in netlinkseterr 1 A similar issue was fixed in commit 1d482e666b8e “netlink: disabling IRQs for netlinklocktable” in netlinklocktable Th...

6.1AI score0.00211EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: The race that occurs during the removal of the thermal zone during resume can be avoided. Since thermalzonepmComplete and thermalzonedeviceresume reinitialize the delayed work of pollqueue for the given thermal zone,...

7.8CVSS6AI score0.00125EPSS
Exploits0References1
Total number of security vulnerabilities18095