17694 matches found
Astra Linux - vulnerability in u-boot
An issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfsumountallreply...
Astra Linux - vulnerability in linux
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Return the correct error code from smb2getenckey Avoid a warning if the error is passed back up: 440700.376476 CIFS VFS: \otters.example.com cryptmessage: Could not get encryption key 440700.386947 ------------ Cut here...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xfs: check the return value of xchkscrubcreatesubord. This function should be fixed to return NULL instead of the mangled ENOMEM value. Additionally, the calling functions should be corrected to actually check for a null pointer...
Astra Linux - vulnerability in u-boot
An issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation with a failed length check at nfsreadreply, when calling storeblock in the NFSv2 case...
Astra Linux - vulnerability in linux-5.10, linux
A use-after-free flaw was discovered in the NILFS file system in the Linux kernel. This flaw causes the function security inodealloc to fail, leading to a call to the nilfsmdtdestroy function. A local user could exploit this flaw to crash the system or potentially escalate their privileges...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Handling of errors when calling attrsetsize during file truncation. If attrsetsize fails during file truncation, the error is silently ignored, and the inode may remain in an inconsistent state...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validated rec-used in journal-replay file record check The checkfilerecord function validates rec-total against the record size, but never validates rec-used. The doaction journal-replay handlers read rec-used from the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: The encoder for NFSv2 GETACL results has been completed. The xdrstream conversion inadvertently left some code that set the pagelen of the send buffer. The XDR stream encoders should now handle this automatically. This...
Astra Linux - vulnerability in linux-5.10, linux
A NULL pointer dereference flaw exists in the diFree function in the fs/jfs/inode.c file of the Journaled File System JFS in the Linux kernel. This flaw could allow a local attacker to crash the system or leak internal kernel information...
Astra Linux - vulnerability in linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC with ops-opnum == OPILLEGAL OPDESC simply indexes into nfsd4ops based on the operation number, without any range checking of that value. It assumes that callers will be careful enough to avoid calling...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in dbAdjTree. Currently, there is a missing bounds check when accessing the dmtstree within dbAdjTree. To address this issue, a boolean variable named “isctl” was added. This variable...
Astra Linux - vulnerability in grub2
An out-of-bounds read flaw was discovered in Grub2’s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack can result in sensitive data cached in memory or EFI variabl...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
A vulnerability related to out-of-bounds memory access was discovered in the Linux kernel’s XFS file system, regarding how a user restores an XFS image after a failure with a dirty log journal. This vulnerability allows a local user to crash the system or potentially escalate their privileges on...
Astra Linux - vulnerability in linux, linux-5.15
A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
A NULL pointer dereference issue was discovered in the gfs2 file system within the Linux kernel. This issue occurs in corrupted gfs2 file systems when the evict code attempts to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could explo...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When reading the name of a symbolic link from a UFS filesystem, grub2 fails to validate the string length provided as input. This lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and potentially allowing an attacker to...
MAL-2026-4702 Malicious code in vestibulect (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da0f0bb40f42e69defbea694db093f2ad880c8c094508f61e2d7fe58550e2e package.json declares a postinstall hook "postinstall": "node install.js" which executes install.js automatically on npm install. install.js imports ...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021544)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021544 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred ...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-8279-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8279-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Cop...
Unbreakable Enterprise kernel security update
5.15.0-320.202.8.4 - ptrace: slightly saner 'getdumpable' logic Linus Torvalds Orabug: 39391447 CVE-2026-46333 5.15.0-320.202.8.3 - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache Jeff Layton Orabug: 39362036 CVE-2026-31402 - net/sched: Only allow actct to bind to clsact/ingress qdiscs and...