252189 matches found
Astra Linux - уязвимость в yaml-cpp
The SingleDocParser::HandleNode function in yaml-cpp also known as LibYaml-C++ 0.5.3 allows remote attackers to cause a denial of service resource consumption and application crash through a crafted YAML file...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: A refcount leak was fixed in ofgetocmem. ofparsephandle returns a node pointer with a refcount incremented. We should use ofnodeput on it when it is no longer needed. Add the missing ofnodeput function to avoid...
Astra Linux - уязвимость в node-json-schema
JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...
Astra Linux - уязвимость в http-parser
Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
Astra Linux - уязвимость в ansible
A flaw was discovered in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then select a new destination path on the controller node. All versions under 2.7.x, 2.8.x, and 2.9.x branches are believed to be vulnerable...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the leak of the expander node in mpi3mrremove. Added a missing resource cleanup in .remove...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: fslmqs – moveofnodeput has been moved to the correct location. ofnodeput should have been executed immediately after mqspriv-regmap = sysconnodetoregmapgprnp;. Otherwise, it causes a reference leak during the successful...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed a null pointer dereferencing after failing to issue FLOGI and PLOGI commands. If lpfcissueelsflogi fails and returns a non-zero status, the node’s reference count is decremented to trigger the release of the...
Astra Linux - уязвимость в node-es5-ext
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or functiontoStringTokens may cause the script to stall. This vulnerability has been fixed in v0.10.63...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/spufs: Fixed a refcount leak in spufsinitisolatedloader. The function offindnodebypath returns a nodepointer for a remote device, with the refcount incremented. We should use ofnodeput on it after processing. Add the...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: All reserved memblocks on Node0 are set at initialization. After the commit 61167ad5fecdea "mm: pass nid to reservebootmemregion", a panic occurs if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle...
Astra Linux - уязвимость в gpac
A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...
Astra Linux - уязвимость в node-ini
This affects the package ini before version 1.3.6. If an attacker submits a malicious INI file to an application that parses it using ini.parse, they will corrupt the prototype within the application. This can be further exploited depending on the context...
Astra Linux - уязвимость в node-shelljs
ShellJS is vulnerable to improper privilege management...
Astra Linux - уязвимость в node-tar
The npm package “tar” also known as node-tar in versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent the extraction of absolute file paths by converting absolute paths into relative...
Astra Linux - уязвимость в node-body-parser
body-parser is a Node.js body parsing middleware. body-parser version 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue has...
Astra Linux - уязвимость в f2fs-tools
There is an exploitable code execution vulnerability in the fsckchkorphannode functionality of the F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to a heap buffer overflow, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Fixed error handling in mt8195mt6359rt1019rt5682devprobe. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This...
MAL-2026-4665 Malicious code in security-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...
Malicious code in axiosqqq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...