Lucene search
K
AstralinuxRecent

18095 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in twitter-bootstrap3

Improper neutralization of input during web page generation XSS or “cross-site scripting” vulnerability in Bootstrap allows cross-site scripting. This issue affects Bootstrap: from version 3.4.1 to 4.0.0...

5.6CVSS5.7AI score0.00259EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Qemu

A heap-based buffer overflow was discovered in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could exploit this flaw to crash the QEMU process on the host, resultin...

6CVSS7.1AI score0.00552EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in fly-wm

The vulnerability of the fly-wmpam window management tool is related to reading data beyond the allowable buffer limit. Exploiting this vulnerability allows an attacker to cause a service failure...

6.2CVSS5.9AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in f2fs-tools

There is an exploitable code execution vulnerability in the fsckchkorphannode functionality of the F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to a heap buffer overflow, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.2CVSS7.5AI score0.02121EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: A crash occurs when destroying a suspended hardware context. If the user space sends an ioctl to destroy a hardware context that has already been automatically suspended, the driver may crash because the mailbox...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Chromium

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.5AI score0.0061EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A out-of-bounds read vulnerability was discovered in Exiv2 versions v0.27.4 and earlier. This vulnerability occurs when Exiv2 is used to read the metadata of a specially...

5.5CVSS6.5AI score0.01051EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to print the metadata of a specially crafted image file. A...

5.5CVSS6.6AI score0.01104EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.31. A heap-based buffer overflow in the bfdgetl32 function in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be...

5.5CVSS6.9AI score0.01341EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of after free in Profiles in Google Chrome before version 119.0.6045.105 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through those gestures. Chromium security severity: Medium...

8.8CVSS7AI score0.01124EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Fixed integer overflow in qaicvalidatereq These are u64 variables that come from the user via qaicattachSliceboioctl. Use checkaddoverflow to ensure that the calculations do not have an integer wrapping bug...

5.5CVSS6.4AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Processing web content may lead to arbitrary code execution...

8.8CVSS7.6AI score0.01016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fixed a possible memory leak in i2sbusadddev The devsetname function in soundbusaddone allocates memory for the device name. This memory needs to be freed when ofdeviceregister fails. The soundbusdevput functio...

5.5CVSS5.8AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in node-tar

The npm package “tar” also known as node-tar in versions prior to 4.4.16, 5.0.8, and 6.1.7 has vulnerabilities related to arbitrary file creation/overwriting and arbitrary code execution. node-tar aims to ensure that any file whose location would be modified by a symbolic link is not extracted...

8.6CVSS7AI score0.03286EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64 – Fix for host stage-2 PGD refcount The KVM page-table library counts the pages of concatenated stage-2 PGs individually. However, when KVM is running in protected mode, the host’s stage-2 PGD is currently managed by E...

5.5CVSS5.8AI score0.00196EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Added checks for skisinet and ISICSK in tlsswhasctxtx/rx. With the introduction of support for vsock and Unix sockets in sockmap, tlsswhasctxtx/rx cannot assume that the socket passed in must be of type ISICSK. Sockets of...

5.5CVSS6.5AI score0.00221EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with ID 00000000-0000-0000-0000-000000000000 without a journal. Quota mode: none. fscrypt: Uses...

5.5CVSS6.4AI score0.00167EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The pointer may be dereferenced. The Klocwork tool reported that the pointer ‘rport’ was returned from a function call. The fcbsgtorport function may return NULL, and the pointer will be dereferenced. A fix has bee...

5.5CVSS6AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in libde265

A stack-buffer-overflow exists in libde265 v1.0.8 through fallback-motion.cc in the putepelhvfallback function when running the dec265 program...

5.5CVSS6.7AI score0.00859EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A use-after-free flaw was discovered in xen9pfsfrontremovet in net/9p/transxen.c within the Xen transport for 9pfs in the Linux kernel. This flaw could allow a local attacker to cause the system to crash due to a race condition, potentially leading to a kernel information leak...

4.7CVSS6.7AI score0.00177EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libde265

A issue has been found in libde265 v1.0.8 due to incorrect access control. A segmentation fault has occurred as a result of a READ memory access in the deriveboundaryStrength function of deblock.cc. This vulnerability causes a segmentation fault and results in the crash of the application, leadin...

5.5CVSS6.7AI score0.01155EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

Rejected reason: Further investigation indicates that the issue is not a vulnerability...

7.3AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix the crash caused by the LAG state check. When removing a LAG device from a bridge, the NETDEVCHANGEUPPER event is triggered. The driver determines which lower devices need to flush all offloaded entries. If one of t...

5.5CVSS6.2AI score0.00178EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in Bacula

In Bareos Director versions 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow vulnerability allows a malicious client to corrupt the director’s memory by sending overly large digest strings during the initialization of a verify job. Disabling verify jobs can mitigate this problem. This issue h...

7.4CVSS7.2AI score0.0124EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Chromium

Using “after free” in WebRTC Perf in Google Chrome before version 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7AI score0.00745EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A memory leak flaw was discovered in the Linux kernel’s ccprunaesgcmcmd function, which allows an attacker to cause a denial of service. This vulnerability is similar to the older CVE-2019-18808. The greatest threat posed by this vulnerability is to system availability...

5.5CVSS6.7AI score0.0026EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tee: Fixed the registershmhelper function. In registershmhelper, incorrect error handling was corrected for a call to ioviterextractpages. A case was missing for when ioviterextractpages only retrieves some pages and returns a...

6.5AI score0.00194EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel, where the function sunkbdreinit was executed after sunkbdinterrupt had been called, even before sunkbd was freed. Although the dangling pointer is set to NULL in sunkbddisconnect, there is still an alias in sunkbdreinit that leads to a...

7.8CVSS6.4AI score0.00627EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed an illegal memory access In the kfdwaitonevents function, the kfdeventwaiter structure is allocated by alloceventwaiters. However, the event field of the waiter structure is not initialized. When the...

7.1CVSS6.4AI score0.0017EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

The use of after-free in networks in Google Chrome before version 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.01202EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

In some cases, a stale value might have been used for a global variable during WASM JIT analysis. This led to incorrect compilation and potentially exploitable crashes in the content process. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

5.3CVSS6.6AI score0.01007EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A flaw was discovered in the Linux kernel’s Traffic Control TC subsystem. Using a specific networking configuration—redirecting egress packets to ingress using the TC “mirred” action—a local unprivileged user could trigger a CPU soft lockup ABBA deadlock when the transport protocol in use TCP or...

5.5CVSS6.6AI score0.00198EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in lua5.3

The ldebug.c file in Lua 5.4.0 allows for a negation overflow and segmentation fault in getlocal and setlocal functions, as demonstrated by getlocal3,2^31...

5.3CVSS6.5AI score0.03833EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload caused a denial of service. The proof-of-concept attack involved a malicious client repeatedly constructing SETTINGS frames with a size of 14,400 bytes 2400 individual setting entries. This attack caused the CPU usag...

7.5CVSS6.7AI score0.05316EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in lua5.3

In Lua 5.3.5, there is a use-after-free issue in the luaupvaluejoin function in the lapi.c file. For example, an attacker can trigger a debug.upvaluejoin call, resulting in a crash, if they can establish certain relationships between the arguments passed to the function...

7.5CVSS6.7AI score0.17224EPSS
Exploits5References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox 111 and Firefox ESR 102.9. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox 112, Focus for Android 112,...

8.8CVSS7.2AI score0.00702EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Vim

Incorrect calculation of buffer size in the GitHub repository for vim/vim before version 9.0.1378...

7.3CVSS6.9AI score0.00438EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A flaw was discovered in the Linux kernel. A use-after-free may occur when plugging/dismounting a malicious USB device that claims to be an Asus device. Similar to the previously known CVE-2023-25012, but in Asus devices, the workstruct structure may be modified by the LED controller during the...

6.8CVSS6.7AI score0.00454EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, picknextrtentity may return a type-confused entry, which is not detected by the BUGON condition. This is because the confused entry is not NULL, but rather points to the listhead. The buggy error condition would result in a type-confused entry being used as a schedrtentity,...

7CVSS6.5AI score0.00278EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In 64-bit versions of the Linux kernel, Copyfromuser does not implement uaccessbeginnospec, which allows a user to bypass the “accessok” check and pass a kernel pointer to copyfromuser. This would enable an attacker to leak sensitive information. We recommend upgrading beyond commit...

6.5CVSS6.6AI score0.00635EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users can use string matching commands such as SCAN or KEYS with specially crafted patterns to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% of CPU resources. This issue has been fixed in...

5.5CVSS6.2AI score0.59706EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in TIF format

LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in tiffcrop, located at line 3592 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious tiff file. For users who compile LibTIFF from source code, the fix is available in the comm...

6.8CVSS6.8AI score0.00421EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Wireshark

A memory leak occurs in the NFS dissector in Wireshark versions 4.0.0 to 4.0.2, and 3.6.0 to 3.6.10. This issue may lead to denial of service through packet injection or with specially crafted capture files...

6.5CVSS6.8AI score0.00857EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Wireshark

The iSCSI dissector crashes in Wireshark versions 4.0.0 to 4.0.2, and 3.6.0 to 3.6.10. It allows denial of service through packet injection or with crafted capture files...

6.5CVSS6.8AI score0.0085EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Vim

Use After Free in the GitHub repository vim/vim before version 9.0.0882...

7.8CVSS7.1AI score0.00655EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in Vim

NULL pointer dereferencing in the GitHub repository for Vim/Vim before version 9.0.0552...

6.8CVSS6.7AI score0.0082EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Golang-1.15

Versions of Go before 1.14.14 and 1.15.x before 1.15.7 on Windows are vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that utilize cgo for example, cgo can execute a GCC program from an untrusted source...

7.5CVSS7.8AI score0.06497EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux - Vulnerability in linux-5.10

A vulnerability was discovered in the btrfsgetrootref function in fs/btrfs/disk-io.c within the Btrfs filesystem of the Linux kernel, caused by a double decrement of the reference count. This issue could allow a local attacker with user privileges to crash the system or lead to the disclosure of...

7.1CVSS6.6AI score0.00254EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: A sanity check was performed on curseg-alloctype. As Wenqing Liu reported in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215657 - Overview In the UBSAN library, an out-of-bounds access occurred at line 3460:2 in...

7.8CVSS6AI score0.00259EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

Linux block and network PV device frontends do not zero memory regions before sharing them with the backend CVE-2022-26365, CVE-2022-33740. Additionally, the granularity of the grant table does not allow sharing smaller than a 4K page, resulting in unrelated data residing in the same 4K page as...

7.1CVSS6.7AI score0.00325EPSS
Exploits0References2
Total number of security vulnerabilities18095