52557 matches found
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in a out-of-bounds read in libusbudevselectinterface. This vulnerability has been fixed in version...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Free UAF in smb2isnetworknamedeleted. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Free UAF in isvalidoplockbreak. Skipped sessions that are being torn down status == SESEXITING to avoid UAF...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: 9p: transfd/p9conn Cancel: release the client lock earlier. The syzbot reported a double-lock issue here, and we no longer need this lock after the requests have been moved to the local list. We can simply release the lock earlie...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a use-after-free in cryptmessage when using asynchronous crypto. The fix for CVE-2024-50047 removes the asynchronous crypto handling from cryptmessage, provided that all crypto operations are synchronous...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: Fixed an issue where the clientcount variable was incremented twice for public channels when dmachanget was called for a channel. This occurred first in balancerefcount, and again before returning. As a result, the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed a memory leak in cifsconstructtcon When using a multiuser mount with domain= specified and cifscreds, cifssetcifscreds will set @ctx-domainname, so it needs to be freed before leaving cifsconstructtcon. This...
Astra Linux – Vulnerability in Squid
A vulnerability was discovered in Squid before versions 4.15 and 5.x before version 5.0.6. Due to incorrect parser validation, this vulnerability allows for a Denial of Service attack against the Cache Manager API. This enables a trusted client to trigger memory leaks, which over time can lead to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfsd: The issue in nfsd4setclientidconfirm where the function does not check the return value from getclientlocked was addressed. In this case, a SETCLIENTIDCONFIRM operation might race with a confirmed client’s expiration, causi...
Astra Linux – Vulnerability in NTP
In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability when copying the trailing number. An attacker may be able to exploit this vulnerability against a client’s NTPQ process, but they cannot exploit it against ntpd...
Astra Linux – Vulnerability in NTP
In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when a \0' character is added. An adversary may be able to attack a client ntpq process, but they cannot attack the ntpd process...
Astra Linux – Vulnerability in Mariadb 10.3
Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. The supported versions affected are 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. This vulnerability is difficult to exploit; it allows low-privilege attackers with network access via multiple protocols to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: prevented races in -queryinterfaces It was possible for two query interfaces to simultaneously attempt to update the interfaces. This issue can be avoided by checking and updating ifacelastupdate under ifacelock...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: Resets cid to connum – 1 to remain within bounds. In the function initconns, after the createcon and createcm calls for the loop, if something fails. During the cleanup phase of the loop, after the destroy tag, we...
Astra Linux - Vulnerability in Golang-1.19
Large handshake records can cause panics in the crypto/TLS context. Both clients and servers may send large TLS handshake records, which can cause both servers and clients to panic when attempting to construct responses. This issue affects all TLS 1.3 clients, TLS 1.2 clients that explicitly enab...
Astra Linux – Vulnerability in NTP
In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when adding a decimal point. An adversary may be able to attack a client’s ntpq process, but they cannot attack the ntpd process...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a potential Use-after-Allocation UAF in cifsstatsprocwrite. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a potential Use-after-Allocation UAF in cifsstatsprocshow. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: smb: Client side – fixed a potential deadlock that could occur when releasing mids. All callers of releasemid seem to hold a reference to @mid; therefore, there is no need to call krefput&mid-refcount, releasemid under...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a use-after-free bug in cifsdebugdataprocShow Skipped SMB sessions that are being terminated e.g., @ses-sesstatus == SESEXITING in cifsdebugdataProcShow to avoid use-after-free issues with @ses. This fix...