12778 matches found
Astra Linux - уязвимость в evolution-data-server
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client by dereferencing a NULL pointer, by sending an invalid e.g., minimal CAPABILITY line during a connection attempt. This issue is related to the imapxfreecapability and imapxconnecttoserver functions...
Astra Linux - уязвимость в glibc
The iconv program in the GNU C Library also known as glibc or libc6 version 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, resulting in a...
Astra Linux - уязвимость в postgresql-11
Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: um: line: always fill errorout in setuponeline The pointer is not initialized by the callers, but I’ve encountered cases where it is still printed; initialize it in all possible cases within setuponeline...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: Minor fix for a potential memory leak in mlxswmlinecardsinit. The line cards array is not freed during the error path of mlxswmlinecardsinit, which could lead to a memory leak. This issue was addressed by freeing the array...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fixed a stack overflow issue in line6miditransmit. The issue involves correctly calculating the available space, including the size of the buffer. This fix addresses a buffer overflow that could occur when multiple...
Astra Linux - уязвимость в nasm
There is a use-after-free in asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16, which will cause a denial of service during a line-number increment attempt...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ALSA: hda: Fixed an error related to surround channel names in version 9.1. The getlineoutpfx function may trigger an error due to overflowing a static array with more than 8 channels. This issue was reported on MacBookPro 12....
Astra Linux - уязвимость в parsec
The vulnerability of the parsecmdlin function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в exim4
Exim 4 before 4.94.2 allows Heap-based Buffer Overflows because it mishandles the "-F’.‘” syntax on the command line. This may allow privilege escalation from any user to root. This issue occurs due to the incorrect interpretation of negative sizes in the strncpy function...
Astra Linux - уязвимость в gnupg2
GnuPG versions up to 2.3.6 allow for signature forgery in unusual situations where an attacker possesses secret-key information from a victim’s keyring, and other constraints such as the use of GPGME are met. This can be achieved by injecting malicious data into the command line’s status line...
Astra Linux - уязвимость в netty
Netty is an asynchronous, event-driven network application framework for developing maintainable, high-performance protocol servers and clients. In versions 4.1.124.Final and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: requires CAPNETADMIN to attach NGSM0710 ldisc Any unprivileged user can attach to NGSM0710 ldisc, but it still requires CAPNETADMIN to create a GSM network. Additionally, requiring CAPNETADMIN for the initial namespace...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disabled the automatic enable of exclusive INTx/IRQs. Currently, for devices that require masking at the irqchip for INTx, i.e., devices without DisINTx support, the IRQ is enabled in requestirq, and subsequently disabl...
Astra Linux - уязвимость в ansible
A flaw was discovered in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur when facts used in the template do not include special template characters, especially if the user attempts to embed templates within multi-line YAML strings. This flaw allows...
Astra Linux - уязвимость в openssl
Issue summary: Writing large, newline-free data into a BIO chain using the line-bufferring filter, where the next BIO performs short writes, can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption, typically resulting in a crash, leading ...
Astra Linux - уязвимость в golang-logrus
There is a denial-of-service vulnerability in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read operation fails with “token too long”, and the writer pipe is close...
Astra Linux - уязвимость в rabbitmq-server
RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing JavaScript code to execute withi...
Astra Linux - уязвимость в waitress
Waitress, in version 1.3.1, implemented a “MAY” clause from RFC7230. This clause states: “Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.” Unfortunately, if a front-end...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fixed a potential memory overflow issue with staticcommandline. We allocated memory of size ‘xlen + strlenbootcommandline + 1 for staticcommandline. However, the strings copied into staticcommandline were actually fr...