Astra Linux - уязвимость в ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2, specifically in the libavcodec/getbits.h file, during the process of writing .mov files. This vulnerability may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в ffmpeg

There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vfvmafmotion.c, within the convolutiony8bit module. This vulnerability could allow a remote malicious user to cause a Denial of Service attack...

Astra Linux - уязвимость в exim4

Before version 4.97.1, Exim allowed SMTP smuggling in certain pipeline/chunking configurations. Remote attackers could use a known exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Exim...

Astra Linux - уязвимость в ffmpeg

A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodecalloccontext3 in options.c...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context. TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework after the respective DMA operations are completed...

Astra Linux - уязвимость в qt4-x11

A issue was discovered in Qt between versions 5.12.9, 5.13.x, and 5.15.x up to 5.15.1. The readxbmbody function in gui/image/qxbmhandler.cpp has a buffer over-read issue...

Astra Linux - уязвимость в python-tornado

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and earlier use an inefficient algorithm when parsing parameters for HTTP header values, which may lead to Denial-of-Service attacks. The parseparam function in httputil.py is used to parse specific HTTP header...

Astra Linux - уязвимость в chromium

In the UI framework of Google Chrome, using “after free” before version 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A flaw was discovered in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer in xfrmupdateaeparams, resulting in a potential kernel crash and denial of service...

Astra Linux - уязвимость в ffmpeg5

A vulnerability, classified as critical, was discovered in FFmpeg up to version 5.1.5. This vulnerability affects the fillaudiodata function in the file /libswresample/swresample.c. The vulnerability leads to a heap-based buffer overflow. The attack can be initiated remotely. This issue was fixed...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/stm: Avoid use-after-free issues with crtc and plane. The function drmstmload calls the functions drmcrtcinitwithplanes, drmuniversalplaneinit, and drmencoderinit. These functions should not be called with parameters...

Astra Linux - уязвимость в ffmpeg5

Buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code and cause a denial of service DoS via the afdialoguenhance.c:261:5 in the destereo component...

Astra Linux - уязвимость в golang-github-gin-gonic-gin

This affects all versions of the package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client’s IP address can be spoofed by setting the X-Forwarded-For header...

Astra Linux - уязвимость в ffmpeg5

It was discovered that FFmpeg versions n5.1 to n6.1 contain an Off-by-one Error vulnerability in the libavfilter/avfshowspectrum.c file. This vulnerability allows attackers to cause a Denial of Service DoS attack through crafted inputs...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fixed a UAF in ieee80211scanrx The ieee80211scanrx function attempts to access scanreq-flags after a null check. However, a UAF Use-after-Allocation was observed when the scan is completed and ieee80211scancomplet...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: The mcbausb driver’s ndochangemtu function needs to be updated to prevent buffer overflows. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only...

Astra Linux - уязвимость в ruby-rack

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parsed query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters. This allowed attackers to send requests...

Astra Linux - уязвимость в twisted

Twisted is an event-based framework for internet applications. It was introduced with version 0.9.4. At that time, when the host header did not match a configured host using twisted.web.vhost.NameVirtualHost, a “NoResource” resource would be returned. This caused the Host header to be rendered...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: Resources are freed when a device is unregistered. In the current code, the devresreleaseall function is only called if the device has a bus and has been probed. This leads to issues when using devices that lack a...

Exploit for Download of Code Without Integrity Check in Gin-Gonic Gin

gin-vulnerable Demo consumer pinned to github.c...