457208 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed by removing the unnecessary f2fsbugon function to avoid panics. The verifyblkaddr function will trigger a panic once we introduce a fault into f2fsisvalidblkaddr; this unnecessary f2fsbugon function has been remove...
Astra Linux – Vulnerability in Firefox and Thunderbird
An attacker could have injected CSS into stylesheets that are accessible via internal URIs, such as resource:, thereby bypassing a page’s Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
Astra Linux – Vulnerability in Thunderbird
During the plaintext phase of the STARTTLS connection setup, protocol commands could be injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...
Astra Linux – Vulnerability in Python 3.11, Python 3.7
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL’s media type...
Astra Linux – Vulnerability in Firefox
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy might have been able to inject executable scripts. This would be severely restricted by the specified Content Security Policy o...
Astra Linux – Vulnerability in cifs-utils
It was discovered that cifs-utils’ mount.cifs function invoked a shell when requesting the Samba password, which could be exploited to inject arbitrary commands. An attacker who had special permissions, such as those through sudo rules, could use this vulnerability to escalate their privileges...
Astra Linux – Vulnerability in bluez
Bluetooth HID Hosts in BlueZ may allow an unauthenticated peripheral role HID device to initiate and establish an encrypted connection, and to accept HID keyboard reports. This could potentially allow the injection of HID messages when no user interaction has occurred in the Central role, thereby...
Astra Linux – Vulnerability in Apache2
Splitting HTTP responses across multiple modules in the Apache HTTP Server allows an attacker who can inject malicious response headers into backend applications to carry out an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fixed the issue of re-injecting stale data from stale subflows. When the MPTCP Process Manager detects that a subflow is stale, the packet scheduler must re-inject all the unacknowledged data at the mptcp-level. To avoid...
Astra Linux – Vulnerability in PostgresSQL 11
In the extension script, a SQL injection vulnerability was detected in PostgreSQL when the symbols @extowner@, @extschema@, or @extschema:...@ were used within quotation marks either dollar quotes, '', or other forms of quotation marks. If an administrator has installed files from a vulnerable,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: brd: Automatic disk creation is deferred until module initialization succeeds. My colleague Wupeng identified the following issues during fault injection: BUG: Unable to handle page faults for address: fffffbfff809d073 PGD:...
Astra Linux – Vulnerability in Firefox
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
Astra Linux – Vulnerability in Shadow
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...
Astra Linux – Vulnerability in Chromium
In incorrect security user interfaces of web app installations in Google Chrome on Android before version 90.0.4430.212, an attacker who convinced a user to install a web application could inject scripts or HTML into a privileged page through a crafted HTML page...
Astra Linux - Vulnerability in Golang-1.19
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With this fix, the HTTP/1 client will now refuse to send requests that contain an invalid Request.Host or Request.URL.Host value...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: igc: Do not fail igcprobe on LED setup errors When igcledsetup fails, igcprobe fails, leading to a kernel panic in freenetdev. This occurs because unregisternetdev is not called. This behavior can be tested using the...
Astra Linux – Vulnerability in python-urllib3
urllib3 before version 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...
Astra Linux – Vulnerability in curl
When curl 7.84.0 performs FTP transfers secured by krb5, it incorrectly handles message verification failures. This flaw allows a Man-In-The-Middle attack to go unnoticed, and even enables the attacker to inject data into the client’s system...
Astra Linux – Vulnerability in exim4
Exim 4.98 before 4.98.1 allowed remote SQL injection when SQLite hints and ETRN serialization were used. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
Astra Linux – Vulnerability in Wireshark
A crash in the DNP dissector in Wireshark versions 3.4.0 to 3.4.6, as well as 3.2.0 to 3.2.14, allows for denial of service through packet injection or malicious capture files...