40555 matches found
Astra Linux - уязвимость в wget
In GNU Wget version 1.24.5, url.c handles semicolons in the userinfo subcomponent of a URI incorrectly. As a result, there may be insecure behaviors where data that should be within the userinfo subcomponent is misinterpreted as being part of the host subcomponent...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsihostalloc After a device is initialized using deviceinitialize, or its name is set using devsetname, the device must be freed using putdevice. Otherwise, the device name will be leaked becaus...
Astra Linux - уязвимость в openssh
A vulnerability was discovered in OpenSSH when the VerifyHostKeyDNS option is enabled. A man-in-the-middle attack can be carried out by a malicious machine pretending to be a legitimate server. This issue arises due to the way OpenSSH handles error codes under certain conditions during the...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detaching devices when removing the host Whenever the MIPI-DSI host is unregistered, the code for mipidsihostunregister loops through every device currently found on that bus and will unregister them. However, it do...
Astra Linux - уязвимость в haproxy
A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...
Astra Linux - уязвимость в linux, linux-5.10
A issue was discovered in the Linux kernel for PowerPC before version 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to a bug in the implementation of arch/powerpc/kvm/book3shvrmhandlers.S, which handles the values of the SRR1 register...
Astra Linux - уязвимость в php7.3
In PHP versions prior to 7.4.31, 8.0.24, and 8.1.11, this vulnerability allows network and same-site attackers to set an insecure cookie in the victim’s browser. This cookie is treated as a Host- or Secure- cookie by PHP applications...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN reports an array-index-out-of-bounds error: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fixed a UAF Use-After-Free exception during logout when accessing the shostipaddress attribute. Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shostipaddress...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: mmc: atmel-mci: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...
Astra Linux - уязвимость в linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Moved the unregistration of NPIV’s transport to after resource cleanup. There are cases after NPIV is deleted where the fabric switch still believes that NPIV is registered in the fabric. This occurs when a vport i...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: fixed the issue of freeing the HMB descriptor table. The HMB descriptor table is sized based on the maximum number of descriptors that can be used for a given device. However, nvmeallochostmem might break out of the...
Astra Linux - уязвимость в qemu
A flaw was discovered in qemu. A host privilege escalation issue was identified in the virtio-fs shared file system daemon, where a privileged guest user is able to create a device-specific special file in the shared directory and use it to gain read/write access to host devices...
Astra Linux - уязвимость в isc-dhcp
In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP e.g., releases in the 4.0.x series or earlier, and releases in the 4.3.x series are beyond their End-of-Life period and are no longer supported by ISC. It is clear that this defect is also present in releases...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression related to the removal of the procfs host directory. The scsiprochostdirrm function decreases a reference counter; therefore, it should only be called once per host that is removed. This change...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mmc: meson-gx: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: mmc: moxart: Fix the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, the memory allocated by mmcallochost will be leaked, leading to a kernel crash due to the remova...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ICMP messages are rate-limited. After the identified issues, the two rate limiters are applied in the following order: 1 Host-wide rate limit icmpglobalallow 2 Per-destination rate limit inetpeer-based To avoid side-channel...
Astra Linux - уязвимость в qemu
An infinite loop flaw was discovered in the e1000 NIC emulator of QEMU. This issue occurs when processing transmit tx descriptors in processtxdesc, especially if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in...
Astra Linux - уязвимость в qemu
A vulnerability related to out-of-bounds read/write access was discovered in the USB emulator of QEMU in versions prior to 5.2.0. This issue occurs during the processing of USB packets from a guest, when the value of USBDevice’s ‘setuplen’ exceeds the value of ‘databuf4096’ in the dotokenin and...