145312 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Data related to command failures should only be collected for known commands. DEVX can issue a general command that is not used by the mlx5 driver. If such a command fails, mlx5 attempts to collect the failure data...
Astra Linux - уязвимость в firefox, thunderbird
Firefox did not properly handle downloads of files ending with .desktop, which can be interpreted to execute commands controlled by the attacker. This bug only affects Firefox for Linux on certain distributions. Other operating systems are unaffected, and Mozilla is unable to list all affected...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Storage: Fix memory leak in USB bulk transport A memory leak in the kernel was identified using the ‘ioctlsg01’ test from the Linux Test Project LTP. The following bytes were observed: 0x53425355. When USB storage devices...
Astra Linux - уязвимость в emacs
GNU Emacs version 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file. This is because lib-src/etags.c uses the system’s C library function in its implementation of the ctags program. For example, a victim might use the “ctags ” command as suggeste...
Astra Linux - уязвимость в golang-1.15
Versions of Go before 1.14.14 and 1.15.x before 1.15.7 on Windows are vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that utilize cgo for example, cgo can execute a GCC program from an untrusted source...
Astra Linux - уязвимость в vim
A heap-based buffer overflow exists in Vim/vim 9.0.0946 and earlier, as it allows an attacker to use CTRL-W gf in the expression used in the right-hand side of the substitute command...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xHCI: Corruption of the command ring pointer occurred during command aborts. The command ring pointer is located at bits 6:63 of the command ring control register CRCR. All control bits, such as those related to command stopping...
Astra Linux - уязвимость в exim4
Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...
Astra Linux - уязвимость в openssh
Using SSH in OpenSSH before version 10.1 allows for the use of the '\0' character in an SSH URI. This could potentially lead to code execution when a ProxyCommand is used...
Astra Linux - уязвимость в golang-1.19
The command go env command is documented as outputting a shell script containing the Go environment. However, go env does not sanitize the values it outputs. Therefore, executing its output as a shell script can lead to various malicious behaviors, including executing arbitrary commands or...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up the TPM space after a command failure. tpmdevtransmit prepares the TPM space before attempting command transmission. However, if the command fails, no rollback of this preparation occurs. This can lead to transient...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fixed the issue of NULL pointer dereferencing during certain command aborts. If a command is queued into the final usable TRB of a ring segment, the enqueue pointer is advanced to the next link TRB and then stops there...
Astra Linux - уязвимость в cifs-utils
It was discovered that cifs-utils’ mount.cifs function invoked a shell when requesting the Samba password, which could be exploited to inject arbitrary commands. An attacker who had special permissions, such as those through sudo rules, could use this vulnerability to escalate their privileges...
Astra Linux – Vulnerability in FontForge
Splinefont in FontForge, with a version number of 20230101, allows for command injection via crafted filenames...
Astra Linux - уязвимость в ansible
A flaw was discovered in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur when facts used in the template do not include special template characters, especially if the user attempts to embed templates within multi-line YAML strings. This flaw allows...
Astra Linux - уязвимость в nodejs
A vulnerability related to OS command injection exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1. This vulnerability arises due to an insufficient check in the IsAllowedHost function, which can be easily bypassed. Additionally, the IsIPAddress function does not properly check whether ...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. The dump command of grub is not blocked when grub is in lockdown mode, which allows the user to read any memory information. An attacker could exploit this vulnerability to extract signatures, salts, and other sensitive information from the memory...
Astra Linux - уязвимость в python3.11, python3.7
The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management command NOP OUT to the device to recover the link. If this command times out and clearing the device...
Astra Linux - уязвимость в ofono
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...