28912 matches found
Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Do not leak a resource on eviction error. For eviction errors other than -EMULTIHOP, we were leaking a resource. This issue has been fixed. v2: - Avoid using another “goto” statement. Andi Shyti...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added a bounds check for the create lease context. A missing bounds check was added for the create lease context...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: virtio/vsock: Fixed an uninit-value issue in virtiotransportrecvpkt KMSAN reported the following uninit-value access issues: ===================================================== BUG: KMSAN: uninit-value in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel’s BPF subsystem. This...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoiding soft lockup when using mprotect on a large memory area When calling mprotect on a large hugetlb memory area in our customer’s workload 300GB of hugetlb memory, soft lockup was observed: watchdog: BUG: soft...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added an array index check for hdcp ddc access. Reason Coverity reports an OVERRUN warning. Do not check if the array index is valid. How Check that the msgid is valid and that the array index is valid...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Net: Restrict SOREUSEPORT to inet sockets. After the bug was identified, crypto sockets could accidentally be destroyed due to a RCU call back, as discovered by zyzbot 1. Attempting to acquire a mutex in an RCU callback is not...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fixed a possible NULL pointer dereferencing issue. In the rdsrdmacmeventhandlercmn function, if the conn pointer exists before dereferencing it as an argument for rdmasetservicetype, a problem was identified. This issue...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the race condition issue caused by session lookup and expiration. The session reference count was incremented within the lock during the lookup operation, thereby avoiding the race condition related to session...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fixed a warning related to GPIO controllers that need to sleep. The ilitek-ili9881c uses the non-sleeping gpiodsetvalue function to control the reset GPIO. This issue occurs when the GPIO controller...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Audit: Fixed a possible soft lockup in audit inode child. Tracefs or debugfs might cause hundreds to thousands of PATH records. Too many PATH records might lead to a soft lockup. For example: 1. CONFIGKASAN=y && CONFIGPREEMPTION=...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cdrom: The check for lastmediachange has been rearranged to avoid unintentional overflow. When running syzkaller with the newly reintroduced signed integer wrap sanitizer, we encounter this error: 366.015950 UBSAN:...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fixed the DMA buffer leak issue. Release the DMA buffer when probe returns an error to avoid memory leaks...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: MIPS: Loongson64: DTS: Actually fixed the PCIe port nodes for ls7a. Fixed the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning interruptprovider: /bus@10000000/pci@1a000000: 'interrupt-cells' found,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: Do not assume adequate headroom for SDIO headers The function mt7921usbsdiotxprepareskb calls mt7921usbsdiowritetxwi and mt7921skbaddusbsdiohdr. Both functions blindly assume that adequate headroom will be available...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mlxbfgige: stop interface during shutdown The mlxbfgige driver intermittantly encounters a NULL pointer exception while the system is shutting down via "reboot" command. The mlxbfdriver will experience an exception right after...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fixed a possible null pointer dereferencing issue. In tpg110getmodes, the return value of drmmodeduplicate is assigned to mode. This could lead to a NULL pointer dereferencing issue if drmmodeduplicate...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: armscpi: Check the DVFS OPP count returned by the firmware. A kernel crash occurs with the following call trace when the SCPI firmware returns an OPP count of zero. on some platforms, dvfsinfo.oppcount may be zero...