Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

f2fs: use global inline_xattr_slab instead of per-sb slab cache

...

EUVD-2020-1411

Malware in sbrugna...

SUSE CVE-2023-53285

In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in getmaxinlinexattrvaluesize Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone is writing to the block device while the file syste...

CVE-2023-53285

CVE-2023-53285 : in the Linux kernel ext4, a bounds-check fix was added in get_max_inline_xattr_value_size() to prevent reading beyond allocated memory if the inode table is corrupted by block-device writes while mounted. This resolves a potential memory read issue in inline xattrs. Impact: HIGH ...

DEBIAN-CVE-2024-49958

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

Cross-site Scripting (XSS)

Overview phlex is a high-performance view framework optimised for fun. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to case-insensitivity in the code designed to prevent XSS attacks. When rendering HTML or SVG tags with user-provided attributes, malicious event...

Cross-Site Scripting (XSS)

orchid/platform is vulnerable to cross-site scirpting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via inline attributes...

CVE-2020-15263 XSS in platform

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4...

GHSA-589W-HCCM-265X Inline attribute values were not processed.

Impact Inline attributes have not been processed escape. If the data that came from users was not processed, then an XSS vulnerability is possible Patches Fixed in 9.4.4...

Inline attribute values were not processed.

Impact Inline attributes have not been processed escape. If the data that came from users was not processed, then an XSS vulnerability is possible Patches Fixed in 9.4.4...