48569 matches found
Astra Linux – Vulnerability in Thunderbird
During the plaintext phase of the STARTTLS connection setup, protocol commands could be injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update. @ses is initialized to NULL. If nfsd4_find_backchannel finds no available backchannel session, setup_callback_client will attempt to dereference @ses, resulting in a segmentation...
Astra Linux – Vulnerability in Zabbix
An authenticated user can create a host group using the configuration with an XSS payload, which will be available to other users. When the XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new. This patch improves error handling in scenarios where RTS (Request to Send) messages arrive frequently. It replaces the less informati...
Astra Linux – Vulnerability in SQLite3
A vulnerability was discovered in SQLite SQLite3 version 3.43.0 and is classified as critical. This issue affects the sessionReadRecord function in the file ext/session/sqlite3session.c of the make alltest component. The vulnerability results in a heap-based buffer overflow. It is recommended to...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Commands from recovery entries are freed after a session is closed. This leads to a use-after-free when the commands are freed, or an NPE (Non-Programmable Error) can occur with such a call trace: Time2Retain...
Astra Linux – Vulnerability in symfony
Symfony is a PHP framework for web and console applications, along with a set of reusable PHP components. When authenticating users, Symfony automatically regenerates the session ID upon login, but preserves the remaining session attributes. Since this does not clear the CSRF tokens upon login, i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the xid leak in cifs_ses_add_channel. Before returning, it is necessary to free the xid; otherwise, the xid will be leaked...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Do not expire a session when a binding attempt fails. When a multichannel session binding request fails (e.g., due to an incorrect password), the error path unconditionally sets sess->state to SMB2_SESSION_EXPIRED. However,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a use-after-free in ksmbd_close_fd, through the use of a durable scavenger mechanism. When a durable file handle persists after a session disconnection (TCP closure without SMB2_LOGOFF), session_fd_check sets fp->conn to NUL...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability classified as problematic has been discovered in the Linux kernel. The affected function is j1939_session_destroy in the file net/can/j1939/transport.c. This manipulation leads to a memory leak. It is recommended that a patch be applied to fix this issue. The identifier of this...
Astra Linux – Vulnerability in Chromium
A use-after-free in the Media Session in Google Chrome before version 125.0.6422.141 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix deadlock in smb2_find_smb_tcon. Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses to avoid such deadlocks...
Astra Linux – Vulnerability in Firefox and Thunderbird
By injecting a cookie with certain special characters, an attacker on a shared subdomain that is not in a secure context can set and overwrite cookies from a secure context. This leads to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...
Astra Linux – Vulnerability in Tomcat9
Path Equivalence: The use of 'file.Name' (internal dot notation) can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...
Astra Linux – Vulnerability in Jetty9
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, and <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed method, then the session ID is not invalidated in the session ID manager. In deployments with clustered sessions and multiple contexts, this can result in a session not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a race condition in the RPC handle list access mechanism. The sess->rpc_handle_list XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by sess->rpc_lock (an rw_semaphore)...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of a null pointer dereference error in generate_encryptionkey has been fixed. If a client sends two session setups with KRB5 authentication to ksmbd, a null pointer dereference error in generate_encryptionkey can...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fixed a memory leak by freeing the untracked persist buffer. An internal buffer that is allocated only once per session was not being freed during session closure. This was because it wasn't tracked as part of the...
Astra Linux – Vulnerability in Wireshark
The SDP protocol dissector in Wireshark versions 4.6.0 to 4.6.4 allows for a denial of service attack...