953604 matches found
Astra Linux – Vulnerability in StrongSwan
StrongSwan before version 5.9.12 has a buffer overflow vulnerability, and there is a possibility of unauthenticated remote code execution through a DH public key value that exceeds the internal buffer of charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur through a...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to execute arbitrary code by manipulating the processed input stream. However, users who followed the recommendations to set up XStream’s...
Astra Linux – Vulnerability in sysstat
Sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and later, but before version 12.7.1, the allocatestructures function contained a sizet overflow in the sacommon.c file. The allocatestructures function insufficiently checked the...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available, by manipulating the processed input stream with a Java runtime version 14 to 8. ...
Astra Linux – Vulnerability in Chromium
Before version 99.0.4844.51, using "After Free" in the Media section of Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the issue where the listen function sets the backlog to too high for preallocation rings. The listen handler of AFRXRPC allows you to set the backlog to 32 if you increase the sysctl value. However, since the...
Astra Linux – Vulnerability in libsoup2.4
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URNs due to incorrect buffer management. This issue has been fixed in version 6.4. To address this problem, disable URN access...
Astra Linux – Vulnerability in Linux
In the drivers/target/targetcorexcopy.c file within the Linux kernel, prior to version 5.10.7, insufficient identifier checking in the LIO SCSI target code could be exploited by remote attackers to read or write files through directory traversal in an XCOPY request, known as CID-2896c93811e3. For...
Astra Linux – Vulnerability in Chromium
Using the "after free" mechanism in the File API in Google Chrome before version 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Erlang
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server might allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in the SSH protocol’s message handling, a malicious...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler calls the SCSI LLD ehaborthandler callback, it performs one of the following actions: Calls scsiqueueinsert. Calls scsifinishcommand. Calls scsiehscmdadd...
Astra Linux – Vulnerability in Chromium
In Google Chrome, memory access out of bounds in V8 before version 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the File System API of Google Chrome on Windows prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside of state checks. If the state is not idle, resolvepreparesrc should immediately fail, and no changes to the global state should occur. However, it srcaddr by attempting to create...
Astra Linux – Vulnerability in Chromium
Before version 93.0.4577.82, using the "after free" method in the Selection API in Google Chrome allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page, as long as that attacker could convince the user to visit a malicious website...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/siw: Fixed a refcounting leak in siwcreateqp. The atomicinc function needs to be paired with an atomicdec function in the error handling path...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system. In versions 2.4.2 and earlier, a heap buffer overflow vulnerability existed, which allowed a remote attacker to launch a Denial-of-Service DoS attack. This vulnerability was present in the formatlogline function. Exploitation of this...
Astra Linux – Vulnerability in GIMP
GIMP PSP File Parsing: An Off-by-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicio...
Astra Linux – Vulnerability in net-snmp
The handleipv6IpForwarding function in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP version 5.4.3 to 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...