Lucene search
K
AstralinuxRecent

18102 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Chromium

In Networking APIs of Google Chrome, before version 112.0.5615.49, it was possible for a remote attacker to exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to perform certain UI interactions. Chromium security severity: Medium...

8.8CVSS7AI score0.00914EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Chromium

Using “after free” in WebRTC in Google Chrome before version 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00657EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Apache2

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server, that malicious AJP server can send a malicious AJP message back to modproxyajp, causing it to write 4 bytes controlled by the attacker after the end of a heap-based...

9.8CVSS7.2AI score0.01325EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Apache2

A out-of-bounds read vulnerability exists in the modproxyajp module of the Apache HTTP Server. This issue affects the Apache HTTP Server version up to 2.4.66. Users are recommended to upgrade to version 2.4.67, as this fix addresses the vulnerability...

5.3CVSS5.7AI score0.00393EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Apache2

A NULL pointer dereferencing in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: A “static” value was dropped from the fast-RX rxresult data structure. The function ieee80211invokefastrx is documented as safe for parallel RX operations. However, the rxresult returned by this function is declar...

8.8CVSS5.6AI score0.00161EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Apache2

Improper null termination and out-of-bounds read vulnerabilities in the Apache HTTP Server. This issue affects the Apache HTTP Server version up to 2.4.66. Users are recommended to upgrade to version 2.4.67, as this fix addresses the vulnerability...

5.3CVSS5.8AI score0.00485EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in node-minimatch

A vulnerability was discovered in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when the braceExpand function is called with specific arguments, resulting in a denial of service...

7.5CVSS6.8AI score0.01674EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A memory leak vulnerability was discovered in the eBPF of the Linux kernel, related to the Simulated networking device driver. This vulnerability arises from the way user functions using BPF for the device call the function nsimmapallocelem. A local user could exploit this flaw to gain unauthoriz...

5.5CVSS6.7AI score0.00227EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in SQLite3

In SQLite 3.30.1, the exprListAppendList function in the window.c file allows attackers to trigger a invalid pointer dereferencing issue, as constant integer values in ORDER BY clauses of window definitions are handled incorrectly...

7.5CVSS6.9AI score0.06937EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

A locking issue was discovered in the tty subsystem of the Linux kernel through version 5.9.13. The file drivers/tty/ttyjobctrl.c allows for a use-after-free attack against TIOCSPGRP, also known as CID-54ffccbf053b...

7.8CVSS6.7AI score0.01129EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through version 5.9.13. Files drivers/tty/ttyio.c and drivers/tty/ttyjobctrl.c may allow a read-after-free attack on TIOCGSID, also known as CID-c8bcd9c5be24...

4.4CVSS6.6AI score0.00468EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Vim

Vim 8.2.2348 is vulnerable to null pointer dereferencing, allowing local attackers to cause a Denial of Service DoS attack through the exbufferall method...

5.5CVSS6.7AI score0.00273EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL derefrence when RX memory is exhausted The CPU receives frames from the MAC through conventional DMA: the CPU allocates buffers for the MAC, then the MAC fills those buffers and returns ownership to the...

7.5CVSS6.3AI score0.005EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.16 views

Astra Linux – Vulnerability in Qemu

It was found that the patch for CVE-2020-17380/CVE-2020-25085 is ineffective. As a result, QEMU becomes vulnerable to out-of-bounds read/write access issues that were previously identified in the SDHCI controller emulation code. This flaw allows a malicious privileged attacker to crash the QEMU...

5.7CVSS6.8AI score0.00638EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

10CVSS7.8AI score0.0225EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Samba

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client that can use a server symlink to determine whether a file or directory exists in a part of the server file system that is not exported under the share definition. This attack can only succeed if SMB1 with unix extensions i...

4.3CVSS6.8AI score0.01097EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in exim4

The STARTTLS feature in Exim up to 4.94.2 allows for response injection buffering during MTA SMTP sending...

7.5CVSS7.2AI score0.01996EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in nss

During ECDSA signature generation, padding is applied in the nonce to ensure that constant-time scalar multiplication is removed. However, this results in variable-time execution that depends on secret data. This vulnerability affects Firefox versions less than 80, as well as Firefox for Android...

4.7CVSS6.8AI score0.00323EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Input: iforce – invert the valid length check when fetching device IDs. syzbot is reporting an uninitialized value at iforceinitdevice 1. The commit 6ac0aec6b0a6 “Input: iforce – allow callers to supply a data buffer when fetchin...

5.5CVSS6.3AI score0.00165EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

In WebXR in Google Chrome, out-of-bounds memory access before version 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7AI score0.01031EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in jqueryui

jQuery UI is a collection of user interface interactions, effects, widgets, and themes built upon jQuery. Versions prior to 1.13.2 may be vulnerable to cross-site scripting attacks. Initializing a checkboxradio widget within an input enclosed within a label can cause the content of that parent...

6.1CVSS6.3AI score0.01933EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Netty

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. Before version 4.1.59.Final, there was a vulnerability on Unix-like systems involving an insecure temporary file. When Netty’s...

6.2CVSS6.7AI score0.01777EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A flaw was discovered in KVM. When updating a guest’s page table entry, vmpgoff was incorrectly used as the offset to obtain the page’s pfn. Since vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region...

7.8CVSS6.7AI score0.00385EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Scripting. The supported versions affected by this vulnerability are Oracle Java SE: 8u451, 8u451-perf, and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. The vulnerability is...

5.9CVSS6.9AI score0.00551EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in PDFs in Google Chrome before version 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.3AI score0.00606EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of after free in the Media Session in Google Chrome before version 125.0.6422.141 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00819EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in ffmpeg

A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avbuffersrcaddframeflags function in buffersrc...

6.5CVSS6.8AI score0.00902EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in Audio in Google Chrome before version 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension. Chromium security severity: High...

8.8CVSS7.3AI score0.0048EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: A use-after-free bug has been fixed in mlx4entryallocresources. In mlx4entryallocresources, the mlx4encopypriv function is called, and tmp-txcq will be freed during the error path of mlx4encopypriv. After that,...

7.8CVSS6.1AI score0.00295EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect the driver from buggy firmware When processing port up/down events generated by the device’s firmware, the driver attempts to protect itself from events reported for non-existent local ports. However, it...

5.5CVSS6.1AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Chromium

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00617EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix for the race between nbdallocconfig and module removal When the nbd module is being removed, nbdallocconfig may be called concurrently by nbdgenlconnect. Although trymoduleget will return false, nbdallocconfig does not...

4.7CVSS6.2AI score0.00185EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Vim

Vim is vulnerable to Heap-based Buffer Overflow attacks...

7.8CVSS7.1AI score0.01792EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libvpx

There is a heap overflow vulnerability in libvpx. Encoding a frame with dimensions larger than the originally configured size using VP9 may lead to a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or higher...

7.5CVSS6.9AI score0.00368EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in sane-backends

A heap buffer overflow in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, known as GHSL-2020-080...

8.8CVSS7.8AI score0.03044EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the KVM’s AMD code, which handles SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the “virtext” field, this issue could all...

8.8CVSS6.7AI score0.00658EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

10CVSS7.7AI score0.02256EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in atftp

In atftp, before version 0.7.5, the options.c file was written beyond the end of an array, thereby exposing server-side /etc/group data to a remote client...

5.3CVSS6.8AI score0.01356EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Chromium

In the Sign-In Flow of Google Chrome, before version 104.0.5112.101 was released, remote attackers could potentially exploit heap corruption through specific UI interactions...

8.8CVSS7.3AI score0.00793EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Added missing syscalls to the read class. The “at” variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rule...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.6AI score0.00437EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb/client: A out-of-bounds read has been fixed in symlinkdata. Since smb2checkmessage returns a success result without performing length validation for the symlink error response, in symlinkdata, it is possible that iov-iovlen...

9.1CVSS5.8AI score0.00513EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftinner: Fixed the desynchronization of inner IPv6 headers. In nftinnerparsel2l3, when processing inner IPv6 packets, ipv6findhdr correctly calculates the transport header offset by traversing all extension headers...

9.1CVSS5.6AI score0.00322EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed NULL dereferencing and use-after-free in smctcpsynrecvsock. Syzkaller reported a panic in smctcpsynrecvsock. The smctcpsynrecvsock function is called in the TCP receive path softirq via icskafops-synrecvsock on...

9.8CVSS5.7AI score0.00488EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in the Side Panel in Google Chrome before version 119.0.6045.105 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7AI score0.01172EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fixed invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is opened and then closed, the dirty pages still remain in the pageref list. Eventually, those pages may be processed during the...

7.8CVSS6AI score0.00245EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in libxslt

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

7.5CVSS6.9AI score0.01817EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tipc: Improve size validations for received domain records The function tipcmonrcv allows a node to receive and process domainrecord structures from peer nodes to track their views of the network topology. This patch verifies tha...

5.5CVSS6.3AI score0.67994EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Qemu

A buffer overflow vulnerability was discovered in the ATI VGA device emulation provided by QEMU. This vulnerability occurs in the ati2dblt routine, during the handling of MMIO write operations, when the guest provides invalid values for the destination display parameters. A malicious guest could...

6.5CVSS6.8AI score0.00429EPSS
Exploits1References2
Total number of security vulnerabilities18102