11165 matches found
Astra Linux - уязвимость в netty
The HttpObjectDecoder.java file in Netty before version 4.1.44 allowed a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
Astra Linux - уязвимость в postgresql-11
Over-reading of buffers in PostgreSQL’s GB18030 encoding validation allows a database input provider to cause temporary denial of service on platforms where a 1-byte over-reading can lead to process termination. This issue affects both the database server and libpq. Versions prior to PostgreSQL...
Astra Linux - уязвимость в postgresql-11
Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...
Astra Linux - уязвимость в firefox, thunderbird
When encoding data from an inputStream in xpcom, the size of the input being encoded was not correctly calculated, potentially leading to an out-of-bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux – Vulnerability in Node-Elliptic
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixed a panic issue by disabling preemption. In RISCV, we must use an AUIPC + JALR pair to encode an immediate jump, creating a jump to an address beyond 4K. This may cause errors if we want to enable kernel...
Astra Linux - уязвимость в golang-1.19
A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...
Astra Linux - уязвимость в apache2
A encoding problem in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. It is recommended that users upgrade to version 2.4.60, as...
Astra Linux - уязвимость в libtasn1-6
GNU Libtasn1 before version 4.19.0 has a array size check for the ETYPEOK field that can lead to errors. This issue affects the asn1encodesimpleder function...
Astra Linux - уязвимость в squid
Squid encounters issues with the improper handling of ASN.1 encoding for long SNMP OIDs in version 7.1. This issue occurs in the asnbuildobjid function within lib/snmplib/asn1.c...
Astra Linux - уязвимость в gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...
Astra Linux - уязвимость в djvulibre
DjVuLibre 3.5.27 allows attackers to carry out a denial-of-service attack application crashes due to an out-of-bounds read by creating a corrupted JB2 image file. This occurs due to improper handling of the JB2 image file in the JB2Dict::JB2Codec::getdirectcontext function in libdjvu/JB2Image.h,...
Astra Linux - уязвимость в firefox, thunderbird
When a user clicks on an FTP URL containing encoded newline characters %0A and %0D, these newline characters are interpreted as such, allowing arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Fix uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels as it doesn't convert the in-memory instruction encoding which is always little-endian into the kernel's native endianness...
Astra Linux - уязвимость в screen
In GNU Screen’s encoding.c file, as of version 4.8.0, remote attackers can cause a denial of service attack invalid write access and application crash, or potentially cause unspecified other impacts due to a crafted UTF-8 character sequence...
Astra Linux - уязвимость в waitress
In Waitress version 1.4.0, if a proxy server is used in front of Waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by Waitress. This could lead to HTTP request smuggling. Specifically, requests containing special whitespace characters in the...
Astra Linux - уязвимость в apache2
Apache HTTP Server versions 2.4.41 to 2.4.46 with modproxyhttp can become unstable when processing specially crafted requests that use both Content-Length and Transfer-Encoding headers. This can lead to a denial of service...
Astra Linux - уязвимость в tomcat9
A vulnerability exists in the improper encoding or escaping of output in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, and from 9.0.40 through 9.0.116. Users are recommended to upgrade ...
Astra Linux - уязвимость в libvpx
There is a heap overflow vulnerability in libvpx. Encoding a frame with dimensions larger than the originally configured size using VP9 may lead to a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or higher...
Astra Linux - уязвимость в firefox, thunderbird
Methods AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding, and AppendEncodedCharacters may experience integer overflows, resulting in underallocation of an output buffer and thus causing out-of-bounds write attacks. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...