8263 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
By manipulating the text within the tag, an attacker could cause corrupted memory, leading to a potentially exploitable crash. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Disable the elevator in del_gendisk. The elevator is only used for file system operations, which are halted during del_gendisk. Disabling the elevator and freeing the scheduler tags should be moved to the end of del_gendisk,...
Astra Linux – Vulnerability in Python-Django
In Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2, the {% debug %} template tag does not encode the current context properly. This may lead to Cross-Site Scripting (XSS) attacks...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed a tag leak when shrinking nr_hw_queues. Although we don’t need to reallocate the set->tags array when shrinking nr_hw_queues, we still need to free those tags. Otherwise, these...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ata: sata_dwc_460ex: Fixed a crash that occurred due to out-of-bounds writing. The driver utilizes the “tag” values from various arrays provided by libata. Since the mentioned patch increased ATA_TAG_INTERNAL to 32, the value of...
Astra Linux – Vulnerability in Firefox and Thunderbird
Firefox may have incorrectly parsed a URL and reverted it to the youtube.com domain during parsing of the URL specified in an embed tag. This could have bypassed website security checks that restrict which domains users are allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ES...
Astra Linux – Vulnerability in Chromium
Before version 105.0.5195.52, a use-after-free in Browser Tag in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed the issue where blk_mq_tags was double-freed when nr_requests increased. In cases where the user triggers a tag increase through the nr_requests attribute in the queue sysfs, hctx->sched_tags will be directly freed and replaced...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a potential out-of-bounds read issue in ext4_fc_replay_scan. For the scan loop, it is necessary to ensure that at least EXT4_FC_TAG_BASE_LEN space is available. If the remaining space is less than EXT4_FC_TAG_BASE_LEN, it may lea...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dm integrity: Memory corruption occurs when tag_size is less than digest_size. It is possible to configure dm-integrity in such a way that the tag_size parameter is smaller than the actual digest_size. In this case, a portion of the...
Astra Linux – Vulnerability in Firefox
tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a btf decl_tag bug when tagging a function. syzbot reported a btf decl_tag bug with a stack trace as follows: - General protection fault, likely for the non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: added a bounds check on the Transfer Tag. The ttag is used as an index to retrieve the cmd in nvmet_tcp_handle_h2c_data_pdu. A bounds check was added to prevent out-of-bounds access...
Astra Linux – Vulnerability in Golang-1.19
Using Parse with a build tag line like "// +build" and deeply nested expressions can lead to a panic due to stack exhaustion...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag_8021q: Avoid leaking ctx on the error path of dsa_tag_8021q_register. If dsa_tag_8021q_setup fails, for example due to the inability of the device to install a VLAN, the tag_8021q context of the switch will be leaked. Make...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Turn quotas off if mount fails after enabling quotas. Yi discovered during a review of the patch “ext4: Don’t report errors with inconsistent journal features” that when ext4_mark_recovery_complete returns an error value, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: codetag: debug: handling the CODETAG_EMPTY value in mark_objexts_empty for slabobj_ext. When alloc_slab_obj_exts fails and then successfully allocates a slab extension vector, it calls handle_failed_objexts_alloc to mark all objects in the...
Astra Linux – Vulnerability in qtdeclarative-opensource-src
Resource allocation without limits or throttling and improper validation of a specified quantity in input in The Qt Company’s Qt framework on Windows, macOS, Linux, iOS, Android, x86, ARM, 64-bit, and 32-bit platforms can lead to excessive resource allocation. This iss...
Astra Linux – Vulnerability in TIF format
LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in tiffcrop, located at line 368 of libtiff/tif_unix.c. This vulnerability is invoked by lines 2903 and 6921 in tools/tiffcrop.c. This allows attackers to cause a denial of service through a crafted TIF file. For users who compile...
Astra Linux – Vulnerability in Firefox, Thunderbird
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have led to XSS attacks on websites that insecurely serve files without a content-type header. This vulnerabilit...