5499 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use safe list iterator to avoid a use after free. This loop is freeing the variable “clk”, so it needs to use list_for_each_entry_safe(). Otherwise, it will dereference a freed variable to obtain the next item in the loop...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: fixed a race condition between ipv6_get_ifaddr and ipv6_del_addr. Although ipv6_get_ifaddr operates under the RCU lock, it still allows hlist_for_each_entry_rcu to return an item that has already been removed from the list. The memory...
Astra Linux – Vulnerability in symfony
Symfony is a PHP framework for web and console applications, along with a set of reusable PHP components. Starting from versions 2.0.0, 5.0.0, and 6.0.0, and before versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension used `is_safe=html`, but they did not actually ensure that their...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fixed the use-after-free issue in gtp_dellink. Since the call_rcu function, which is called during the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RC...
Astra Linux – Vulnerability in Chromium
Use after free in Safe Browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in rsync
A flaw was discovered in rsync. When the --safe-links option is used, the rsync client fails to properly verify whether a symbolic link destination sent from the server contains another symbolic link within it. This leads to a path traversal vulnerability, which may result in arbitrary file writi...
Astra Linux – Vulnerability in Chromium
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings through a malicious file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fix for dma-fence safe access rules. Commit 506aa8b02a8d6 “dma-fence: Add safe access helpers and document the rules” details the dma-fence safe access rules. The most common issue is that...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed list corruption in perf_cgroup_switch. There is list corruption in cgrp_cpuctx_list. This occurs at the following path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in...
Astra Linux – Vulnerability in Chromium
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Safe Browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct the devm device reference for the hidinput input_dev name. The reference should be made to the HID device, not the input device, when allocating the input_dev name. Referring t...
Astra Linux – Vulnerability in Chromium
Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC. syzbot/KCSAN reported a data race in the br_handle_frame_finish function [1]. This function can be executed on multiple CPUs without mutual exclusion. It is recommended to use the SMP-safe DEV_STATS_INC...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock. smp_call_function always runs its callback in a hard IRQ context, even when running under PREEMPT_RT, where spinlocks can sleep. Therefore, we need to use a raw...
Astra Linux – Vulnerability in Thunderbird
Unexpected data returned from the Safe Browsing API could lead to memory corruption and potentially exploitable crashes. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fixed a sleep-in-atomic bug caused by genpd_debug_remove. When a genpd with GENPD_FLAG_IRQ_SAFE is removed, the following sleep-in-atomic bug will occur, as genpd_debug_remove will be called with a spinlock held. 0.029183 BU...