Astra Linux - уязвимость в zabbix

Currently, the geomap configuration Administration - General - Geographical maps allows the use of HTML in the “Attribution text” field when the “Other” Tile provider is selected...

Astra Linux - уязвимость в ansible

A flaw was discovered in several Ansible modules, where parameters containing credentials, such as “secrets,” were logged in plain text on managed nodes, and were also made visible on the controller node when run in verbose mode. These parameters were not protected by the “nolog” feature. An...

Astra Linux - уязвимость в firefox, thunderbird

When inserting text while in edit mode, some characters may cause out-of-bounds memory access, leading to potentially exploitable crashes. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

Astra Linux - уязвимость в thunderbird

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text is never displayed to the user. This is because the text is interpreted as a MIME message, and the first paragraph is always treated as part of an email header section. A digitally signed text...

Astra Linux – Vulnerability in golang-golang-x-text

In Go 1.15.4, a "index out of range" panic occurs in the language.ParseAcceptLanguage function during the parsing of the -u- extension. The language.ParseAcceptLanguage function is supposed to be able to parse an HTTP Accept-Language header...

Astra Linux - уязвимость в twitter-bootstrap3

A security vulnerability has been discovered in Bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is related to the “data-loading-text” attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into this attribute,...

Astra Linux - уязвимость в thunderbird

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is displayed when the mouse hovers over any attachment. Although the correct link is used upon clicking, the misleading hover text may lead users to download conten...

Astra Linux - уязвимость в firefox, thunderbird

When segmenting specially crafted text, segmentation may corrupt memory, leading to a potentially exploitable crash. This vulnerability has been fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

Astra Linux - уязвимость в ghostscript

A issue was discovered in Artifex Ghostscript prior to version 10.05.0. The DOCXWRITE TXTWRITE device suffers from a text buffer overflow issue due to the use of long characters in devices/vector/doccommon.c...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport init-annotated xfrm4protocolinit EXPORTSYMBOL and init are a poor combination, as the .init.text section is freed after initialization. As a result, modules cannot use symbols annotated with init. Access to a...

Astra Linux - уязвимость в musl

Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have a out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...

Astra Linux – Vulnerability in golang-golang-x-text

In golang.org/x/text, the text/language field before version 0.3.7 can cause a panic due to an out-of-bounds read during BCP 47 language tag parsing. Index calculations are also handled incorrectly. If untrusted user input is parsed, this could be exploited as a vector for a denial-of-service...

Astra Linux - уязвимость в qemu

An integer underflow issue was discovered in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could exploit this flaw to render QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: kprobes: Fixed a possible use-after-free issue during kprobe registration. When unloading a module, its state changes from MODULESTATELIVE to MODULESTATEGOING, and then to MODULESTATEUNFORMED. Each of these changes takes some...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fixed bpfarchtextpoke when newaddr == NULL again. The commit 7ded842b356d "s390/bpf: Fixed bpfplt pointer arithmetic" accidentally removed the critical portion of the commit c730fce7c70c "s390/bpf: Fixed bpfarchtextpoke...

Astra Linux - уязвимость в golang-golang-x-text

An attacker can cause a denial of service by creating an Accept-Language header that requires ParseAcceptLanguage to take significant time to process...

Astra Linux - уязвимость в xterm

With Patch 370, xterm enables Sixel support. When this is enabled, attackers can exploit a buffer overflow in the setsixel function in graphicssixel.c by using crafted text...

Astra Linux - уязвимость в ceph

A flaw was discovered in Ceph versions prior to 16.y.z, where Ceph stores mgr module passwords in plain text. This can be identified by searching the mgr logs using Grafana and the dashboard, as the passwords are visible...

Astra Linux - уязвимость в parsec

The vulnerability of the typefromtext function in the PARSEC security subsystem is related to accessing beyond the global buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service failures...

Astra Linux - уязвимость в thunderbird

Thunderbird allows the use of the Text DirectionOverride Unicode Character in filenames. As a result, an email attachment might be incorrectly displayed as a document file, when in fact it is an executable file. Older versions of Thunderbird will remove this character and display the correct file...