3823 matches found
Astra Linux - vulnerability in nghttp2
nghttp2 is an implementation of the Hypertext Transfer Protocol Version 2 in C. The nghttp2 library prior to version 1.61.0 continued to read an unlimited number of HTTP/2 CONTINUATION frames even after a stream was reset, in order to keep the HPACK context synchronized. This caused excessive CPU...
Astra Linux - vulnerability in yard
YARD is a Ruby documentation tool. The “frames.html” file within the documentation generated by YARD is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the “frames.erb” template file. This vulnerability has been fixed in...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fixed deadlock during the flushing of management frames. The commit 1 converted the management transmission work item into a wiphy work item. Since a wiphy work item can only run under wiphy lock protection, a race...
Astra Linux - vulnerability in python-eventlet
Eventlet is a concurrent networking library for Python. A WebSocket peer may exhaust memory on the Eventlet side by sending very large WebSocket frames. A malicious peer may also exhaust memory on the Eventlet side by sending highly compressed data frames. A patch in version 0.31.0 restricts...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in exempi
A buffer overflow vulnerability exists in the function ID3Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier versions. This vulnerability allows remote attackers to cause a denial of service by opening crafted audio files that contain the ID3V2 frame...
Astra Linux - vulnerability in netty
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty was vulnerable to MadeYouReset DDoS attacks. This is a logical vulnerability in the HTTP/2 protocol, which exploits malformed HTTP/2 control frames to circumvent the maximu...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read during the parsing of the OnBeacon Extended Supported Rates ESR extension. The handling of the ESR extension during the OnBeacon phase involves accessing p + 1 + ielen and p + 2 +...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmmac – Fix for crashes occurring when sending Action Frames in standalone AP Mode. Currently, whenever an Action Frame needs to be transmitted, the brcmmac driver always uses the P2P vif to send the “actframe” IOVAR to th...
Astra Linux - vulnerability in chromium
Use after free in Frames in Google Chrome before version 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: Cortina: Use TOE/TSO on all TCP. It is desirable to enable the hardware accelerator to also process non-segmented TCP frames. We pass the skb-len value to the “TOE/TSO” offloader, which will handle those frames...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: dropping short frames. Technically, some control frames, such as ACK frames, are shorter and end after “Address 1”. Such frames should not be forwarded through wmediumd or similar user-space mechanisms...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mac80211: Only track QoS data frames for admission control. For admission control, it clearly only applies to QoS data frames. Otherwise, we wouldn’t even be able to access the QoS field in the header. Syzbot reported an...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mwifiex: discards erroneous disassociation frames on the STA interface. When operating in concurrent STA/AP mode with the host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when...
Astra Linux - vulnerability in firefox, thunderbird
There was no limit to the number of HTTP/2 CONTINUATION frames that could be processed. A server could exploit this to cause a memory exhaustion condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skipping the parsing of frames of type UVCVSUNDEFINED in uvcparseformat. This issue can lead to out-of-bounds write attacks, as frames of this type were not taken into consideration when calculating the size of t...
Astra Linux - vulnerability in linux-5.15
An issue was discovered in the net/ceph/messengerv2.c file within the Linux kernel before version 6.4.5. There is an integer signedness error, which leads to a buffer overflow and remote code execution via the HELLO command or one of the AUTH frames. This occurs due to an untrusted length value...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fixed a crash in fnicwqcmplhandler when FDMI times out. When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. Upon completion of the sending, this leads to an attempt to...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ice: Fix for Rx page leaks in multi-buffer frames. The iceputrxmbuf function handles calling iceputrxbuf for each buffer in the current frame. This function was introduced as part of handling multi-buffer XDP support in the ice...