32046 matches found
Astra Linux - уязвимость в edk2
EDK2 contains a vulnerability in the HashPeImageByType function. A user can cause an out-of-bounds read when a corrupted data pointer and length are sent via an adjacent network. Successful exploitation of this vulnerability may result in a loss of integrity and/or availability...
Astra Linux - уязвимость в edk2
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage function. An attacker may cause memory corruption due to an overflow through an adjacent network. Successful exploitation of this vulnerability could result in a loss of confidentiality, integrity, and/or availability...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2 in versions prior to 2.06. The Setparamprefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...
Astra Linux - уязвимость в imagemagick
A flaw was discovered in ImageMagick, specifically in the MagickCore/visual-effects.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system...
Astra Linux - уязвимость в libwebp
A flaw was discovered in libwebp in versions prior to 1.0.1. When reading a file, libwebp allocates an excessive amount of memory. The greatest threat posed by this vulnerability is related to service availability...
Astra Linux - уязвимость в sssd
A flaw was discovered in SSSD, where the sssctl command was vulnerable to shell command injection through the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into executing a specially crafted sssctl command, such as using sudo, in order to gain root...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it returns a warning message: “WARNING: CPU: 0 PID: 63 at cfg80211chandefdfsusable+0x20/0xaf cfg80211” This issue is caused by...
Astra Linux - уязвимость в python3.7
A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...
Astra Linux - уязвимость в openjpeg2
There is a flaw in the src/lib/openjp2/pi.c file of openjpeg in versions prior to 2.4.0. If an attacker can provide untrusted input to openjpeg’s conversion/encoding functionality, they could cause an out-of-bounds read. The most significant impact of this flaw is the application’s availability...
Astra Linux - уязвимость в openexr
A flaw was discovered in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image file to have it processed by OpenEXR, resulting in a floating-point exception error. The greatest threat posed by this vulnerability is to system availabili...
Astra Linux - уязвимость в imagemagick
A flaw was discovered in ImageMagick version 7.0.11. In this version, an integer overflow in the WriteTHUMBNAILImage function in the coders/thumbnail.c file may lead to undefined behavior when processing a specially crafted image file submitted by an attacker. The greatest threat posed by this...
Astra Linux - уязвимость в imagemagick
A divide-by-zero flaw was discovered in ImageMagick versions 6.9.11-57 and 7.0.10-57, located in the gem.c file. This flaw allows an attacker to submit a crafted file processed by ImageMagick, causing undefined behavior due to a division by zero. The greatest threat of this vulnerability is to...
Astra Linux - уязвимость в imagemagick
A flaw was discovered in ImageMagick’s MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of type unsigned long. This likely affects the availability of the application, but ...
Astra Linux - уязвимость в openexr
A flaw was discovered in OpenEXR’s multipart input file functionality. A crafted multipart input file containing no actual parts can lead to a NULL pointer dereferencing issue. The greatest threat of this vulnerability is to system availability...
Astra Linux - уязвимость в php8.1, php7.3
In PHP versions 8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, and 8.4. before 8.4.10, when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefixes may lead to null pointer dereferencing. This can result in crashes and affect the availability of the target server...
Astra Linux - уязвимость в imagemagick
A flaw was discovered in ImageMagick within MagickCore/statistic.c. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in an excessively large value for the 64-bit type ssizet. This likely leads to a disruption in the application’s...
Astra Linux - уязвимость в ceph
A flaw was discovered in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET request for a swift URL that ends with two slashes, it can cause the rgw component to crash, resulting in a denial of service. The most significant threat to the system is its availability...
Astra Linux - уязвимость в qemu
A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue arises when handling the “PVRDMACMDCREATEMR” command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The greatest threat posed by this...
Astra Linux - уязвимость в openexr
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with the application’s functionality and availability...
Astra Linux - уязвимость в libxml2
A vulnerability was discovered in libxml2 in versions prior to 2.9.11. This vulnerability allows errors to go unnoticed during the parsing of XML mixed content, resulting in a NULL dereference. If an untrusted XML document is parsed in recovery mode and after post-validation, this flaw could be...