8363 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cma: Fixed a kmemleak in rdma_core that was observed during the blktests nvme/rdma tests with siw. When running the blktests nvme/rdma tests, the following kmemleak issue will appear: - kmemleak: The Kernel Memory Leak...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: ice: Fixed a potential NULL pointer dereference in the ice_bridge_setlink function. The ice_bridge_setlink function may encounter a NULL pointer dereference if nlmsg_find_attr returns NULL, and br_spec is dereferenced subsequently ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: thermal-netlink: Prevent userspace segmentation faults by adjusting the UAPI header. The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from the kernel space, encounters a...
Astra Linux - vulnerability in ntfs-3g
A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G 2021.8.22...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use the correct encap attribute during invalidation. With the introduction of post-action infrastructure, most users of the encap attribute were modified to obtain the correct attribute by calling the mlx5etcgetencapatt...
Astra Linux - vulnerability in ntfs-3g
A properly crafted NTFS image can lead to an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G 2021.8.22...
Astra Linux - vulnerability in python-django
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. The UserAttributeSimilarityValidator incurred significant overhead when evaluating a submitted password that was artificially large relative to the comparison values. In a situation where access to user...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Added bounds checking in get_max_inline_xattr_value_size. Normally, extended attributes within the inode body would be checked when the inode was first opened. However, if someone writes to the block device while the file system ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a kernel warning during topology setup. This patch fixes the following kernel warning that occurred during driver loading by correctly initializing the p2plink attr before creating the sysfs file: +0.002865...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed an out-of-band issue in ntfs_listxattr. The length of a name cannot exceed the space occupied by “ea”...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nvdimm: The memory pointed to by nd_pmu->pmu.attr_groups is allocated in the function register_nvdimm_pmu, and it is lost after the kfree(nd_pmu) call in the function unregister_nvdimm_pmu...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: phy: ralink: mt7621-pci: add sentinel to quirks table. By fixing soc_dev_attr to register the SOC as a device, the kernel will encounter an oops in soc_device_match_attr. This quirks test was introduced in the staging driver in t...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ntfs: fixed a use-after-free in ntfs_attr_find. The patch series “ntfs: fix bugs about Attribute”, version 2. This patchset fixes three bugs related to Attribute in records: Patch 1 adds a sanity check to ensure that the...
Astra Linux - vulnerability in tomcat9
When using RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71, and 8.5.0 to 8.5.85 did not include the secure attribut...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Ensure that the presence of the LS_NLA_TYPE_DGID attribute is correctly checked. The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always contain the LS_NLA_TYPE_DGID attribute; otherwise, it is invalid. Use the nl...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fixed the issue of leaking the multicast GID table reference. If the CM ID is destroyed while the CM event for multicast creation is still queued, the cancel_work_sync function will prevent the work from running. This also...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: xfrm/compat: prevented potential Spectre v1 exploits in xfrm_xlate32_attr. int type = nla_type(nla); if (type > XFRMA_MAX) return -EOPNOTSUPP; @type is then used as an array index and can be exploited as a Spectre v1 exploit. If nlalennl...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Enhanced the attribute size check. This combines the overflow and boundary check so that all attribute sizes will be properly examined during enumeration. 169.181521 BUG: KASAN: Out-of-bounds access in...
Astra Linux - vulnerability in rails
An XSS vulnerability exists in the Action View tag helpers versions 5.2.0 and below, which would allow an attacker to inject content if they can control the input into specific attributes...
Astra Linux - vulnerability in ntfs-3g
A properly crafted NTFS image can lead to heap exhaustion in ntfs_get_attribute_value in NTFS-3G from version 2021.8.22 onwards...