7738 matches found
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, a underflow of the sizet variable in the IMA-ADPCM and MS-ADPCM audio decoders led to a heap-buffer-overflow issue through the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in PWA implementations in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent, through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in hdf5
HDF5 through 1.14.3 contains a stack buffer overflow issue in H5Rdecodeheap, which leads to corruption of the instruction pointer and causes denial of service or potential code execution...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, there was a buffer overflow vulnerability in freerdpbitmapdecompressplanar when SrcSize was 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize is greater than or...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfclipboardformatequal read the freed lastSentFormats memory because xfclipboardformatsfree called from the cliprdr channel thread during auto-reconnect freed the array. Meanwhile, the X11 event thread...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In the chips-media: wave5 module, the order of device cleanup was corrected to prevent kernel panic. The process of removing video devices was moved to the beginning of the removal function to ensure that all video operations are...
Astra Linux – Vulnerability in edk2
EDK2 contains a vulnerability in the BIOS, where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” through local access. Successful exploitation of this vulnerability could lead to possible information disclosure or escalation of privileges, thereby affecting...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the URBDRC client did not perform bounds checking on the MSUSBINTERFACEDESCRIPTOR values provided by the server and used these values as indices in libusbudevcompletemsconfigsetup, resulting in an...
Astra Linux – Vulnerability in firewalld
A flaw was discovered in firewalld. A local unprivileged user can exploit this vulnerability by misauthorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This misauthorization allows the user to modify the runtime firewall state without proper authentication,...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer rtpqdm2depay: Heap-based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer DVB Subtitles Out-of-Bounds: Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary dependi...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, there was a NULL pointer dereference vulnerability in rdpwritelogoninfov2. This vulnerability allowed a malicious RDP server to crash the FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with...
Astra Linux – Vulnerability in Firefox, Thunderbird
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode process, planardecompressplanerle wrote into pDstData at nYDst+y nDstStep + 4nXDst + nChannel, without verifying that nYDst+nSrcHeight fits within the destination height or that...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass This fix addresses the issue with the qfqchangeclass function. The cl-qdisc and cl fields should only be freed if a new class and qdisc are allocated; otherwise,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop – Fixedracy access during PCM trigger events The PCM trigger callback of the aloop driver attempts to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both the check and...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: mISDN: Annotated data-race around dev-work dev-work can be read without locking in mISDNread and mISDNpoll. Add READONCE/WRITEONCE annotations. BUG: KCSAN: Data race in mISDNioctl/mISDNread Writing 0xffff88812d848280 4 bytes b...
Astra Linux – Vulnerability in Python 3.11
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if the intended security model is followed. pkgutil.getdata d...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Fixed out-of-range access to bc-domains. Out-of-range access to bc-domains was corrected in the imx8mblkctrlremove function...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validating the command header size against SVGACMDMAXDATASIZE This data originates from user space and is used in buffer offset calculations, which may potentially lead to an out-of-bounds access due to overflow...