31624 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
A malicious website that could create a popup might resize the popup to overlay the address bar with its own content, causing potential confusion for users or leading to spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected.. This vulnerability...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Nouveau/UVMM: Fixed calculations of addresses/ranges for remap operations. The issue with dEQP-VK.sparseresources.imagerebind.2darray.r64i.1281288 was causing a remap operation like the one below: opremap: prev: 0000003fffed00...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: octeonep: fixed a potential memory leak in octepdevicesetup. When errors such as unsupporteddev and mbox init occur, the variables oct-conf and iounmap oct-mmioi.hwaddr were not freed properly. This could lead to a memory leak...
Astra Linux – Vulnerability in OpenSSL
There is a type confusion vulnerability related to X.400 address processing within an X.509 GENERALNAME. X.400 addresses are parsed as ASN1STRING, but the public structure definition for GENERALNAME incorrectly specifies the type of the x400Address field as ASN1TYPE. This field is subsequently...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to perform a sanity check on the inlinedots inode. As Wenqing reported in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215765 This issue causes a kernel panic when performing the following actions: -...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ICMP: Fixed a data race around the sysctlicmperrorsuseinboundifaddr function. When reading sysctlicmperrorsuseinboundifaddr, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: zloop: Fixed the KASAN use-after-free of the tagset. When a zloop device is removed, the KASAN-enabled kernel reports a “BUG KASAN use-after-free” in the blkmqfreetagset function. This bug occurs because zloopctlRemove calls...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: VMCI: Check context-notifypage after calling getuserpagesfast to avoid GPF. The call to getuserpagesfast in vmcihostunlockedioctl may return NULL for context-notifypage, causing a GPF. To avoid this, check that context-notifypage...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A buffer overflow vulnerability was discovered in the Netfilter subsystem of the Linux kernel. This issue could allow the leakage of both stack and heap addresses, and potentially enable Local Privilege Escalation to the root user through arbitrary code execution...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fixed a null dereference issue in the parse of dev addr operation. A logical error was addressed, which could lead to a null dereference if the mode is set incorrectly for the given addr type...
Astra Linux – Vulnerability in konsole
KDE Konsole prior to version 25.04.2 allowed remote code execution in certain scenarios. It supported loading URLs from scheme handlers such as ssh://, telnet://, or rlogin:// URLs. This could be executed regardless of whether the ssh, telnet, or rlogin binary was available. In this mode, there w...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed a failure to detect corruption of DAT files in BTree and direct mappings. The patch series is titled “nilfs2: Fix kernel bug at submitbhwbc”. This resolves a kernel bug reported by syzbot. Since there are two...
Astra Linux – Vulnerability in curl
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. As a result, it does not detect impostor attacks or man-in-the-middle attacks...
Astra Linux – Vulnerability in Zabbix
The URL validation scheme receives input from a user and then parses it to identify its various components. This validation scheme ensures that all URL components comply with internet standards...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: In the case of a zoned filesystem, there’s a memory leak that occurs after finding a block group containing super blocks. In the excludesuperstripes function, if we encounter a block group that contains super blocks mapped...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fixed an issue where invalid address access occurred when enabling the SCAN log level. The variable i is changed when setting a random MAC address, causing invalid address access when printing the value of...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fixed a potential refcount underflow for idev. In addrconfmodrstimer, the reference to idev depends on whether rstimer is not pending. Therefore, the timeout of rstimer was modified. There is a time gap in 1 during...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: dropping short frames Technically, some control frames, such as ACK frames, are shorter and end after “Address 1”. Such frames should not be forwarded through wmediumd or similar user-space mechanisms...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: The logic for removing addresses in mptcppmnlrmaddr has been fixed. The inverted WARNONONCE condition that prevented normal address removal updates has also been fixed. The current code only executes the decrement logic...