530233 matches found
Astra Linux – Vulnerability in Vim
A vulnerability was discovered in Vim and is classified as problematic. The issue affects the qfupdatebuffer function in the quickfix.c file of the autocmd Handler component. This manipulation leads to memory corruption after the function is called. The attack can be launched remotely. Upgrading ...
Astra Linux – Vulnerability in Pixman
In libpixman in Pixman before version 0.42.2, there is an out-of-bounds write vulnerability also known as a heap-based buffer overflow in the rasterizeedges8 function, due to an integer overflow in the pixmansamplefloory function...
Astra Linux – Vulnerability in Heimdal, KRB5
PAC parsing in MIT Kerberos 5 also known as krb5 before versions 1.19.4 and 1.20.x before version 1.20.1 contains integer overflows that may lead to remote code execution in the KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms. This results in a heap-based buffer overflow...
Astra Linux – Vulnerability in usbredir
A use-after-free vulnerability was discovered in usbredir in versions prior to 0.11.0, specifically in the usbredirparserserialize function within usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data, especially in cases where the destination is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1
An integer overflow flaw was discovered in the Linux kernel. This issue causes the kernel to allocate skbsharedinfo in the user space, which can be exploited in systems without SMAP protection, as skbsharedinfo contains references to function pointers...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcantxhandler: fixed the issue where skb was freed after it had been used. The canPUTechoskb function clones a skb and then frees it. This function should be moved directly before the start of the xmit in hardware for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: hns3 – fixed a use-after-free bug in hclgevfsendmbxmsg. Currently, the hns3remove function first uninstalls the client instance, and then uninstalls the deletion engine device. The netdevice is freed during the client instan...
Astra Linux – Vulnerability in libxml2
A issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...
Astra Linux – Vulnerability in binutils
In the GNU Binutils before version 2.40, there is a heap-buffer-overflow issue in the error function bfdgetl32 when called from the stripmain function in strip-new, through a specially crafted file...
Astra Linux – Vulnerability in binutils
The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...
Astra Linux – Vulnerability in OpenSSL
A security vulnerability has been identified in all supported versions of OpenSSL, related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use o...
Astra Linux – Vulnerability in emacs
GNU Emacs version 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file. This is because lib-src/etags.c uses the system’s C library function in its implementation of the ctags program. For example, a victim might use the “ctags ” command as suggeste...
Astra Linux – Vulnerability in SOX
A flaw was discovered in sox 14.4.1. The lsxadpcminit function within libsox causes a global-buffer-overflow. This flaw allows an attacker to introduce a malicious file, resulting in the disclosure of sensitive information...
Astra Linux – Vulnerability in grub2
Integer underflow in grubnetrecvip4packets; A malicious IP packet can cause an integer underflow in the grubnetrecvip4packets function, affecting the rsm-totallen value. Under certain circumstances, the totallen value may wrap around to a small integer number, which will be used in memory...
Astra Linux – Vulnerability in HAPProxy
There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htxaddheader function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...
Astra Linux – Vulnerability in Linux
A buffer overflow attack in fbcon in the Linux kernel before version 5.9.7 could be exploited by local attackers to read privileged information or potentially cause the kernel to crash. This issue is identified as CID-3c4e0dff2095. This vulnerability arises because the KDFONTOPCOPY function in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: pagepool: Fixed a use-after-free in pagepoolrecycleinring. syzbot reported a UAF Use-After-Free in pagepoolrecycleinring: BUG: KASAN: Slab-use-after-free in lockrelease+0x151/0xa30 in kernel/locking/lockdep.c:5862. A size 8 re...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Validates nvmelocalport correctly The driver load failed with the following error message: qla2xxx 0000:04:00.0-ffff:0: registerlocalport failed: ret=ffffffef And there was a kernel crash: BUG: Unable to handle ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: added a missing condition check for the existence of the mapped data. The function nvmemapdata is called when the request contains physical segments; therefore, the function nvmeunmapdata should also have the same...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: liquidio: The handling of NULL pointers in liovfrepcopypacket was adjusted. In liovfrepcopypacket, pginfo-page is compared to a NULL value, but it is then unconditionally passed to skbaddrxfrag, which seems strange and could lead...