Astra Linux - vulnerability in htmldoc
In HTMLDOC prior to version 1.9.19, there is a vulnerable write operation in parse_paragraph in ps-pdf.cxx, due to an attempt to remove leading whitespace from a whitespace-only node...
Astra Linux - vulnerability in node-ansi-regex
ansi-regex is vulnerable to inefficient regular expression complexity...
Astra Linux - vulnerability in node-minimatch
A vulnerability was discovered in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when the braceExpand function is called with specific arguments, resulting in a denial of service...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a potential memory leak in “add_widget_node”. “kobject_add” may allocate memory for “kobject->name” even when returning an error. In this function, if the call to “kobject_add” fails, the memory is not freed...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Added a check for the return value of of_find_device_by_node. A check on the return value of of_find_device_by_node was added, returning an error if it fails, in order to avoid a NULL pointer dereference...
Astra Linux - vulnerability in nodejs
Node.js versions that bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL that is also unpatched are vulnerable to the Marvin attack – https://people.redhat.com/hkario/marvin/. This vulnerability occurs when performing RSA decryption using a private key,...
Astra Linux - vulnerability in nodejs
A vulnerability related to OS command injection exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1. This vulnerability arises due to an insufficient check in the IsAllowedHost function, which can be easily bypassed. Additionally, the IsIPAddress function does not properly check whether ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mtd: core: Fixed a refcount error in del_mtd_device. del_mtd_device calls of_node_put on mtd_get_of_node(mtd), which is mtd->dev.of_node. However, memset(&mtd->dev, 0) is called before of_node_put. As a result, of_node_put does nothing in...
Astra Linux - vulnerability in node-ssri
ssri 5.2.2-8.0.0; fixed in 8.0.1. This version processes SRIs using a regular expression, which is vulnerable to a denial of service attack. Malicious SRIs could take an extremely long time to process, resulting in a denial of service. This issue only affects consumers who use the “strict” option...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of clearing dirty inodes in f2fs_evict_inode. As reported by Yanming in Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215904 The kernel message is as follows: Kernel BUG at fs/f2fs/inode.c:825! Call...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bcache: The issue with __bch_btree_node_alloc has been fixed to ensure that the failure behavior is consistent. In some specific situations, the return value of __bch_btree_node_alloc might be NULL. This could lead to a potential NULL...
Astra Linux - vulnerability in node-semver
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ath11k: The function of_node_put was added to prevent a leak. The node pointer is returned by of_find_node_by_type or of_parse_phandle, where the reference count is incremented. Calling of_node_put is necessary to address the reference cou...
Astra Linux - vulnerability in batik
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: A reference leak of the device node was fixed in the logicvc_drm_config_parse function. The logicvc_drm_config_parse function calls of_get_child_by_name to find the “layers” node, but it fails to release the reference, resultin...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: irqchip/alpine-msi: The refcount leak in alpine_msix_init_domains has been fixed. The function of_irq_find_parent returns a node pointer with the refcount incremented. We should use of_node_put on it when it is no longer needed. Add...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Do not use __free(device_node) in graph_util_parse_dai The commit 419d1918105e states that “ASoC: simple-card-utils: Use __free(device_node) for device node.” However, __free(device_node) is used for dlc->of_node, but it need...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoided invalid memory access via node_online(NUMA_NO_NODE). KASAN reports: 4.668325 T0 BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa arch/x86/include/asm/bitops.h:214, arch/x86/include/asm/bitops.h:226,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: fix unbalanced node reference count I encountered the following issue during the device(mscc-miim) load test, with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled: OF: Error: memory leak; expected refcount 1 instead of 2...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: MIPS: Cavium-Octeon: The issue of a missing of_node_put in octeon2_usb_clocks_start has been fixed. We should call of_node_put for the reference uctl_node returned by of_get_parent, which increases the refcount. Otherwise, there will be a...