52179 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Allocation error in cifssignalcifsdforreconnect. Skipped sessions that are being terminated status == SESEXITING to avoid UAF errors...
Astra Linux - уязвимость в gnutls28
A timing side-channel vulnerability in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be used to recover the key encrypted in the RSA ciphertext across a network, in a Bleichenbacher-style attack. To successfully decrypt the data, the attacker would...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed a potential NULL dereference in nfsgetclient. None of the callers is expected to receive a NULL return value from nfsgetclient. Therefore, this code will result in an Oops error. It’s better to return an error pointer....
Astra Linux - уязвимость в qemu
An integer underflow issue was discovered in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could exploit this flaw to render QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fixed an out-of-bounds read in cifssanitizeprepath. When cifssanitizeprepath is called with an empty string or a string containing only delimiters e.g., /, the current logic attempts to check cursor2 - 1 before...
Astra Linux - уязвимость в isc-dhcp
In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP e.g., releases in the 4.0.x series or earlier, and releases in the 4.3.x series are beyond their End-of-Life period and are no longer supported by ISC. It is clear that this defect is also present in releases...
Astra Linux - уязвимость в qemu
A flaw was discovered in the QEMU’s built-in VNC server during the processing of ClientCutText messages. The qemuclipboardrequest function can be accessed before vncservercuttextcaps is called, which gives a malicious authenticated VNC client the opportunity to initialize the clipboard peer. This...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Check whether a station exists first in the client probe. When probing a client, first check whether a station exists, and then check the channel context. Otherwise, a warning can easily be triggered by probing wh...
Astra Linux - уязвимость в linux-6.1
A use-after-free vulnerability in the Linux kernel’s fs/smb/client component can be exploited to achieve local privilege escalation. In the event of an error in smb3fscontextParseparam, the ctx-password variable is freed, but the variable is not set to NULL, which could lead to a double-free. We...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: 9p: transfd/p9conn Cancel: release the client lock earlier. The syzbot reported a double-lock issue here, and we no longer need this lock after the requests have been moved to the local list. We can simply release the lock earlie...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3....
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: Locking is provided for v4endgrace. Writing to v4endgrace can cause a race condition with server shutdown, resulting in memory being accessed after it has been freed—especially in the case of reclaimstrhashtbl. We cannot ho...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed a regression issue related to native SMB symbolic links. Some users and customers reported that their backup/copy tools began to fail when the directory being copied contained symbolic link targets that the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: stratix10-rsu: Fixed a NULL pointer dereference issue when RSU is disabled. When the Remote System Update RSU is not enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when...
Astra Linux - уязвимость в freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server could crash the FreeRDP client by sending invalid huge allocation sizes. Version 3.5.1 includes a patch for this issue. There are no known workaround solutions available...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in a out-of-bounds read in libusbudevselectinterface. This vulnerability has been fixed in version...
Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a potential Use-after-Allocation UAF in cifsstatsprocshow. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes. The modes in drcmclientmodesetprobe may fail to be allocated using kcalloc. If this occurs, we jump to out, and modesDestroy is called on it. This action will dereference modes. This could...
Astra Linux - уязвимость в erlang
In Erlang/OTP versions prior to 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there was a situation where Client Authentication Bypass occurred in certain client-certification scenarios for SSL, TLS, and DTLS...