56661 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: hfs: Ensure that sb-sfsinfo is always cleaned up. When hfs was converted to the new mount API, a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocat...
Astra Linux - уязвимость в openssl
Issue Summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes may leave the final partial block unencrypted and unauthenticated. Impact Summary: The last 1–15 bytes of a message may be exposed in...
Astra Linux - уязвимость в docker.io-app
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The likelihood of this being exploited...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise...
Astra Linux - уязвимость в chromium
Chromium: CVE-2021-30610 Use after free in Extensions API...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap API: Fixed a possible memory leak for vcapduprule A fault occurs when CONFIGVCAPKUNITTEST is selected. A memory leak occurs if kzalloc for duprule succeeds, but kmemdup fails. As a result, duprule, ckf, and c...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Networks: The tun device may destroy the NAPIs associated with it during destruction. Syzbot identified a race condition between the tun file and the destruction of the device. NAPIs are stored in the structtunfile structure, and...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: Make sure that the caller has CAPSYSADMIN in the correct user namespaces. What we want to ensure is that clone will not expose something hidden by a mount that we wouldn’t be able to undo. “ wouldn’t be able to...
Astra Linux - уязвимость в chromium
Before version 90.0.4430.72, using the "after free" mechanism in the Network API of Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted Chrome Extension...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed UAF in async decryption Performing async decryption large read results in a crash due to a slabuseafterfree issue in the crypto API. Reproducing this issue is as follows: mount.cifs -o ...,seal,esize=1...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: PSR-SU should also be disabled for Parade 08-01 TCON. Stuart Hayhurst has found that both during bootup and when the fullscreen VA-API video mode is used, black screens occur for about 1 second, along with a kern...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit allocation of the cpumask variable on the stack. For the CONFIGCPUMASKOFFSTACK=y kernel configuration, explicit allocation of the cpumask variable on the stack is not recommended, as it may cause a...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 96.0.4664.93, using the "after free" mechanism in the file API in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy through a crafted HTML page. Chromium security severity: Medium...