17694 matches found
Astra Linux - уязвимость в chromium
Before version 94.0.4606.54, using the "after free" mechanism in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Insufficient data validation in the File System of Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Reworked the handling of scratch space for READPLUS again I discovered that the read code might send multiple requests using the same nfspgioheader. However, the nfs4procreadsetup function is only called once. As a resul...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed the directory separator in SMB1 UNIX mounts. When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps. Otherwise, it may result ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix for a kernel crash that occurred due to a null io-bio. We should return immediately if io-bio is null before performing any actions. Otherwise, a panic will occur. Bug: Kernel NULL pointer dereferencing, address:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc, mm/kasan: Respect the gfp mask in kasanpopulatevmalloc. kasanpopulatevmalloc and its helpers ignore the caller’s gfpmask and always allocate memory using the hardcoded GFPKERNEL flag. This makes them inconsistent with...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: cifs: The xid leak in cifsflock has been fixed. If flock is not used, before returning -ENOLCK, the xid should be freed; otherwise, the xid will be leaked...
Astra Linux - уязвимость в u-boot
An integer overflow occurs in the ext4fsreadsymlink function in Das U-Boot before version 2025.01-rc1. This issue arises due to the use of the zalloc function, which adds one to a le32 variable. This occurs through a crafted ext4 file system with an inode size of 0xffffffff. As a result, the mall...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a deadlock in nilfscountfreeblocks A semaphore deadlock can occur if nilfsgetblock detects metadata corruption while locating data blocks, and a superblock writeback occurs at the same time: task 1 task 2 ------...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed races between xattrset|get and listxattr operations. Some issues may occur when performing concurrent xattrset|get and listxattr operations, such as assertion failures, memory corruption, and stale xattr values1. Thi...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds access in ntfs inode syncstandardinformation in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass the file extension policy through a crafted HTML page...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can cause a heap-based buffer overflow in ntfscompressedpwrite in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в linux
A memory-bound write flaw 1 or 2 bytes of memory was identified in the Linux kernel’s NFS subsystem, related to the way users use mirroring replication of files via NFS. A user with access to the NFS mount could potentially exploit this flaw to crash the system or escalate privileges on the syste...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerabilities have been resolved: USB: usbfs: Do not issue a WARN message regarding excessively large memory allocations. Syzbot discovered that the kernel generates a WARN message if the user attempts to perform a bulk transfer using usbfs with a buffer that ...
Astra Linux - уязвимость в ntfs-3g
In NTFS-3G, from version 2021.8.22, ntfsck has a heap-based buffer overflow issue, involving a value of buffer+5123-2. NOTE: The upstream documentation states that ntfsck is deprecated; however, it is still being distributed with some Linux distributions...
Astra Linux - уязвимость в chromium
Before version 101.0.4951.41, using the "after free" mechanism in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...