Astra Linux – Vulnerability in cjson

It has been discovered that cJSON v1.7.16 contains a segmentation violation due to the use of the cJSONSetValuestring function in the cJSON.c file...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved memory handling. This issue is fixed in Safari 26, iOS 26, iPadOS 26, macOS Tahoe 26, visionOS 26, and watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash...

Astra Linux – Vulnerability in dcmtk

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service DoS attack through a malicious DCM file...

Astra Linux – Vulnerability in Firefox and Thunderbird

If a PAC URL was set, and the server hosting the PAC was unreachable, OCSP requests would be blocked, resulting in incorrect error pages being displayed. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

Astra Linux – Vulnerability in faad2

A issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the stszin function located in mp4read.c. This allows an attacker to cause code execution...

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker could exploit XSLT error handling mechanisms to associate content controlled by the attacker with another origin that is displayed in the address bar. This could be used to trick users into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...

Astra Linux – Vulnerability in Chromium

The use of “after free” in the Password Manager in Google Chrome before version 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nbd: defer config put in recvwork There is one UAF issue in recvwork when running NBDCLEARSOCK and NBDCMDRECONFIGURE: - nbdgenlconnect // confref=2 connect and recvwork A - nbdopen // confref=3 - recvwork A completed //...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed – fixed a double-free issue caused by devm. The clock obtained via devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clkdisableunprepar...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: Fixed NULL dereferencing in asocqcomlpasscpuplatformprobe. The devmkzalloc function in asocqcomlpasscpuplatformprobe might potentially return a NULL pointer. NULL pointer dereferencing could occur without any...

Astra Linux – Vulnerability in Qemu

An integer overflow issue was identified in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. This issue can occur if a guest provides invalid values for the rx/tx queue size or other NIC parameters. A privileged guest user may exploit this flaw to crash the QEMU process on the host,...

Astra Linux – Vulnerability in gst-plugins-ugly1.0

GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.11 contains a heap buffer overflow issue, caused by the derivecollocatedmotionvectors function in the motion.cc file...

Astra Linux – Vulnerability in Chromium

Using "after free" in Blink in Google Chrome before version 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Containerd

Containerd is an open-source container runtime that emphasizes simplicity, robustness, and portability. A bug was discovered in Containerd where container root directories and certain plugins had insufficiently restricted permissions, allowing unprivileged Linux users to access the contents of...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ARM: OMAP2+: display: Fixed refcount leak bug In omapdssinitfbdev, offindnodebyname will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...

Astra Linux – Vulnerability in Intel Microcode

The sequence of processor instructions in IntelR CoreTM Ultra Processors may lead to unexpected behaviors. This could potentially allow an authenticated user to enable denial of service through local access...

Astra Linux – Vulnerability in emacs

In Emacs versions before 29.3, Gnus treats inline MIME contents as trusted...

Astra Linux – Vulnerability in ffmpeg

A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifoalloccommon function in libavutil/fifo.c...