8263 matches found
GHSA-VQ2F-VCC9-J8MV Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
Impact Given a malformed % case % tag without associated % when % or % else % block, and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches The issue is fixed in...
GHSA-CVXM-645Q-P574 containerd: CRI checkpoint import allows local image tag poisoning
Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...
Astra Linux – Vulnerability in Rails
An XSS vulnerability exists in the Action View tag helpers versions 5.2.0 and below, which would allow an attacker to inject content if they can control the input into specific attributes...
Astra Linux – Vulnerability in TIF format
A vulnerability was discovered in the libtiff library. This flaw causes a heap buffer overflow issue due to the TIFFTAGINKNAMES and TIFFTAGNUMBEROFINKS values...
Astra Linux – Vulnerability in ffmpeg
A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...
Astra Linux – Vulnerability in python-reportlab
All versions of the reportlab package are vulnerable to Server-side Request Forgery SSRF via img tags. To reduce this risk, use trustedSchemes and trustedHosts see Reportlab’s documentation. Steps to reproduce by Karan Bamal: 1. Download and install the latest version of the reportlab package. 2...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags are cleared or restored Prior to commit 69e3b846d8a7 “arm64: mte: Sync tags for pages where PTE is untagged”, mtesynctags was only called for ptetagged entries those mapped with...
Astra Linux – Vulnerability in libass
A stack overflow occurred in the parsetag function in libass/assparse.c in libass before version 0.15.0. This vulnerability allows remote attackers to cause a denial of service or remote code execution through a crafted file...
Astra Linux – Vulnerability in Firefox and Thunderbird
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: prevented decltag from being referenced in funcproto Syzkaller was able to exploit the following issue: ------------ cut here --- WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btftypeidsize+0x2d5/0x9d0...
Astra Linux – Vulnerability in Linux 5.15
A issue was discovered in the Linux kernel before version 6.3.4. ksmbd has a buffer overflow vulnerability in the smb2findcontextvals function, when the namelen of createcontext is larger than the length of the tag...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: NVMe: Fixed the failure in reconnection due to reserved tag allocation. We identified an issue in a production environment while using NVMe over RDMA. The reconnection of adminq failed indefinitely, even when the remote target an...
Astra Linux – Vulnerability in TIF format
LibTIFF 4.3.0 has a out-of-bounds read issue in TIFFmemcpy in tifunix.c, especially in situations where a custom tag is used, and 0x0200 is the second value in the DE field...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The description of the “TAG 66 Packet Format” lacks the cipher code and checksum fields, which are packed within the message packet. As a result, the buffer allocated for the packet is ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevention of potential integer overflows If the tag length is greater than or equal to U32MAX – 3, the addition of “length + 4” can lead to an integer overflow. This issue can be addressed by breaking down the decoding...
Astra Linux – Vulnerability in nss
A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Prevent “decltag” from being referenced in “funcproto” arguments. Syzkaller managed to encounter another issue with “decltag”: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/slab: Added alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be observed: 3959.023862 ------------ Cut here ------------ 3959.023891 alloctag was not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: Remove the tag set when the second admin queue configuration fails. Commit 104d0e2f6222 “nvme-fabrics: Reset the admin connection for secure concatenation” modified nvmetcpsetupctrl to call nvmetcpconfigureadminqueue...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: dm rq: Fixed a double-free of blkmqtagset when removing a device after table loading fails. When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blkmqtagset for the device...