6090 matches found
Astra Linux - уязвимость в thunderbird
The olmsessiondescribe function in Matrix libolm before version 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a...
Astra Linux - уязвимость в golang-1.15
In Go, encoding/xml in versions before 1.15.9 and 1.16.x before 1.16.1 may lead to an infinite loop if a custom TokenReader used for xml.NewTokenDecoder returns EOF midway through an element. This issue can occur in the Decode, DecodeElement, or Skip methods...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: fixed a null dereference issue when inserting elements There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: General protection fault, likely due to an non-canonical address...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mac80211: Verify that the extended element ID is present. Before attempting to parse an extended element, ensure that the extended element ID is present...
Astra Linux - уязвимость в zabbix
A stored XSS vulnerability has been detected in the Zabbix web application, specifically in the Maps element, when a URL field contains spaces before the URL...
Astra Linux - уязвимость в qemu
A flaw was discovered in the vhost-vsock device of QEMU. In the event of an error, an invalid element was not detached from the virtqueue before freeing its memory, resulting in memory leakage and other unexpected issues. This issue affects QEMU versions up to 6.2.0...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: mISDN: fixed a possible memory leak in mISDNdspelementregister After committing 1fa5ae857bb1 "driver core: remove the struct device’s busid string array", the name of the device is allocated dynamically. Use putdevice to relea...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: hp-bioscfg: Fixed out-of-bounds array access issues during ACPI package parsing. The hppopulateelementsfrompackage functions in the hp-bioscfg driver contain vulnerabilities related to out-of-bounds array access...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fixed a potential VPE leak upon error. In itsvpeirqdomainalloc, when itsvpeinit returns an error, there is an off-by-one error in the number of VPEs that need to be freed. This issue was fixed by simply passin...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read in the rtwgetie parser. The Information Element IE parser in rtwgetie trusted the length byte of each Information Element without verifying that the IE body len bytes after the 2-by...
Astra Linux - уязвимость в webkit2gtk
A use-after-free vulnerability exists in the SVG implementation in Blink, as used in Google Chrome before version 35.0.1916.114. This vulnerability allows remote attackers to cause a denial of service or potentially cause unspecified other impacts through vectors that trigger the removal of an...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: A integer overflow has been fixed in aie2queryctxstatusarray. The unpublished smatch static checker reported a warning. In drivers/accel/amdxdna/aie2pci.c, line 904 of aie2queryctxstatusarray: warn: Potential...
Astra Linux - уязвимость в expat
In Expat also known as libexpat, before version 2.4.5, an attacker could trigger stack exhaustion in buildmodel by using a large nesting depth in the DTD element...
Astra Linux - уязвимость в openldap
A flaw was discovered in OpenLDAP before version 2.4.57. This flaw led to an assertion failure in slapd during the X.509 DN parsing in the decode.c file, specifically at the bernextelement function. This caused a denial of service...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fixed an out-of-bounds access in otppackedelementt The value CS35L41NUMOTPELEM is 100, but only 99 entries are defined in the array otpmap1/2CS35L41NUMOTPELEM. This will trigger UBSAN to report a out-of-bounds...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed a stack buffer overflow issue during the parsing of the OnAssocReq IE. The length of the Supported Rates IE from an incoming Association Request frame was directly used as the length for the memcpy...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: Do not free the live element. Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. According to Pablo: addelem"00000000" timeout 100 ms …...
Astra Linux - уязвимость в firefox
A race condition involving requestPointerLock and setTimeout could have allowed a user to interact with one tab while believing they were on a different tab. Combined with certain elements such as , this could lead to an attack where the user became confused about the origin of the webpage and...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Prevent lock inversion deadlock in mapdeleteelem operation. The syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Since BPF tracing programs can be invoked fr...
Astra Linux - уязвимость в linux-5.10, linux
A issue was discovered in the Linux kernel before version 6.0.11. Missing offset validation in the drivers/net/wireless/microchip/wilc1000/hif.c file, within the WILC1000 wireless driver, can lead to an out-of-bounds read when parsing a Robust Security Network RSN information element from a Netli...