20815 matches found
Astra Linux – Vulnerability in gdcm
There is an out-of-bounds write vulnerability in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to exploit this vulnerability...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3D. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains on the guest, making all the addition...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A 64-bit variable is used to avoid 32-bit overflow. For example, in the expression: vbo = 2 vbo + skip...
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle string copying properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result, even if the result is null. This can lead to a head-based overflow. An attacker can use this vulnerability to launch a DoS...
Astra Linux – Vulnerability in Wireshark
An infinite loop in the BitTorrent DHT dissector in Wireshark versions 3.6.0, 3.4.0, and 3.4.10 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/Mellanox: mlxbf-pmc – added sysfsattrinit to countClock initialization. The lock-related debugging logic CONFIGLOCKSTAT in the kernel issues the following warning when the BlueField-3 SOC is booted: BUG: The key...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference count leak in nfsdsetfhdentry. nfsd exports a “pseudo root filesystem” which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses th...
Astra Linux – Vulnerability in Firefox, Thunderbird
Through the use of reportValidity and window.open, a plain-text validation message could be displayed on another origin, potentially causing confusion for users and allowing for spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Atom Integrated System Info v22 for DCN35 A new request from KMD/VBIOS is to support a new UMA carveout model. This resolves a null dereference issue when accessing Ctx-dcbios-integratedinfo, as this variable...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB before version 10.6.2 allows an application to crash due to improper handling of a pushdown from a HAVING clause to a WHERE clause...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB before version 10.6.5 has a sqllex.cc integer overflow issue, which can lead to an application crash...
Astra Linux – Vulnerability in Python 2.7, Python 3.7
The urllib.parse.urlsplit and urlparse functions improperly validate bracketed hosts , allowing hosts that are neither IPv6 nor IPvFuture. This behavior does not conform to RFC 3986 and could potentially enable SSRF if a URL is processed by more than one URL parser...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcantxhandler: fixed the issue where skb was freed after it had been used. The canPUTechoskb function clones a skb and then frees it. This function should be moved directly before the start of the xmit in hardware for...
Astra Linux – Vulnerability in net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 includes a patch to address...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. A vulnerability exists in the functions snifffeedorhtml and skipinsignificantspace, which may lead to an over-reading of the heap buffer...
Astra Linux – Vulnerability in LibreOffice
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint servers. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice, links using this scheme could be used to invoke internal macr...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the renesasusb3remove function in drivers/usb/gadget/udc/renesasusb3.c...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel before version 6.0.3, the file drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the return value of drmgemshmemgetsgtable. It expects the value to be NULL in the error case, but in reality, it is an error pointer...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added a sanity check for the file name. The length of the file name should be smaller than the directory entry size...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Client: Fixed a memory leak in smb3fsCONTEXTPARSEPARAM. The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second call to fsconfig, not the first. Regarding fc-source, there is ...