25766 matches found
Astra Linux - уязвимость в php7.3
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, various XML functions rely on the libxml global state to track configuration variables, such as whether external entities are loaded. This state is assumed to remain unchanged unless the user explicitly changes it by...
Astra Linux - уязвимость в golang-1.15
In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...
Astra Linux - уязвимость в golang-gopkg-yaml.v3
A issue with the Un Marshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in golang-golang-x-text
In golang.org/x/text, the text/language field before version 0.3.7 can cause a panic due to an out-of-bounds read during BCP 47 language tag parsing. Index calculations are also handled incorrectly. If untrusted user input is parsed, this could be exploited as a vector for a denial-of-service...
Astra Linux - уязвимость в golang-1.19
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Moreover, the error string is created through repeated string concatenation, resulting in quadratic runtime. Therefore, a certificate provided by a malicious actor can...
Astra Linux - уязвимость в golang-1.19
The go command may execute arbitrary code during compilation when using cgo. This can occur when running “go get” on a malicious module, or when running any other command that compiles unauthorized code. This issue can be triggered by linker flags, specified via the cgo LDFLAGS directive. Flags...
Astra Linux - уязвимость в golang-1.19
The go command may execute arbitrary code during compilation when using cgo. This can occur when running “go get” on a malicious module, or when running any other command that compiles unauthorized code. This issue can be triggered by linker flags, specified via the cgo LDFLAGS directive. The...
Astra Linux - уязвимость в golang-1.19
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...
Astra Linux - уязвимость в golang-1.15
In Go versions before 1.15.13 and 1.16.x, as well as before 1.16.5, certain configurations of ReverseProxy from net/http/httputil lead to a situation where an attacker can drop arbitrary headers...
Astra Linux - уязвимость в mariadb-10.3
It has been discovered that MariaDB Server v10.6.5 and earlier contain a use-after-free in the Itemargs::walkarg component, which can be exploited through specially crafted SQL statements...
Astra Linux - уязвимость в libxml2
A flaw was discovered in the xmlBuildQName function of libxml2. Integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue may result in memory corruption or a denial of service when processing malicious input...
Astra Linux - уязвимость в python-django
A issue was discovered in Django 5.0, prior to versions 5.0.7 and 4.2, prior to version 4.2.14. The getsupportedlanguagevariant function was vulnerable to a denial-of-service attack when used with very long strings containing specific characters...
Astra Linux - уязвимость в golang-1.19
The html/template package does not follow the correct rules for handling occurrences of "", "" within JS literals in contexts. This may cause the template parser to incorrectly consider script contexts as being terminated early, resulting in actions being properly escaped incorrectly. This could ...
Astra Linux - уязвимость в golang-1.19
A malicious HTTP/2 client that quickly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is limited by the http2.Server.MaxConcurrentStreams setting, resetting an ongoing request allows the attacker to create a new...
Astra Linux - уязвимость в golang-golang-x-text
An attacker can cause a denial of service by creating an Accept-Language header that requires ParseAcceptLanguage to take significant time to process...
Astra Linux - уязвимость в chromium
In Networking APIs of Google Chrome, before version 112.0.5615.49, it was possible for a remote attacker to exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to perform certain UI interactions. Chromium security severity: Medium...
Astra Linux - уязвимость в golang-1.19
Parsing multipart forms can consume large amounts of CPU and memory when processing form inputs containing a very large number of parts. This occurs due to several reasons: 1. The mime/multipart.Reader.ReadForm method limits the total memory that a parsed multipart form can consume. ReadForm may...
Astra Linux - уязвимость в chromium
The use of after-free in networks in Google Chrome before version 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в golang-golang-x-net
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which can be manipulated by...