62037 matches found
Astra Linux - уязвимость в chromium
Before version 122.0.6261.57, using Accessibility in Google Chrome allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through those gestures. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
Astra Linux - уязвимость в mod-wsgi
A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...
Astra Linux - уязвимость в firefox
When using the Performance API, attackers were able to detect subtle differences between PerformanceEntries, thereby determining whether the target URL had undergone a redirect. This vulnerability affects Firefox 103...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipmi: Fixed UAF when uninstalling the ipmisi and ipmimsghandler modules Hi, During testing the installation and uninstallation of ipmisi.ko and ipmimsghandler.ko, the system crashed. The log message is as follows: 141.087026...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fixed the null dereference in the HDMI teardown process. The pcisetdrvdata function sets the value of pdev-driverdata to NULL. After that, the driverdata obtained from the same device is dereferenced in...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: fpga: manager: Added a module owner field and used its pointer to count the reference count of the module. The current implementation of the fpgamanager assumes that the low-level module registers a driver for the parent devic...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: greybus: A use-after-free bug was fixed in gbinterfacerelease due to a race condition. In gbinterfacecreate, &intf-modeswitchcompletion is bound to gbinterfacemodeswitchwork. Then, it will be initiated by...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Mapping EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. To prevent this memory from being reused by the kernel after ExitBootServices, efimemreserve is...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 “can: skb: drop txskb if in listen-only mode”, the priv-ctrlmode element is read even on virtual CAN interfaces that do not create the structcanpriv structure during startup. Th...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobusgetPhy The caller may pass any value as addr, which could lead to an out-of-bounds access to the mdiomap array. One existing case is in stmmacinitPhy, where -1 may be passed as addr...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fixed the handling of the RTAS MSRHV for the Cell architecture. The recent changes in MSR handling when entering RTAS firmware caused crashes on IBM Cell machines. An example trace is as follows: The kernel attempte...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed NULL pointer dereferencing in trytoregistercard. In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check. This can lead to a NULL pointer...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: scsi: fcoe: Fixed the issue where the transport object is not detached when fcoeifinit fails. fcoeinit calls fcoetransportattach&fcoeswtransport, but when fcoeifinit fails, &fcoeswtransport is not detached, and the freed...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed a possible crash that occurred when setting up bsg failed. If bsgsetupqueue fails, the bsgqueue is assigned a non-NULL value. As a result, in mpi3mrbsgexit, the condition “if!mrioc-bsgqueue” will not be...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imondisconnect Syzbot reports a KASAN issue as follows: BUG: KASAN: use-after-free in createpipe, include/linux/usb.h:1945 inline BUG: KASAN: use-after-free in sendpacket+0xa2d/0xbc0,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ice: fixed NULL access to tx-inuse in iceptptsirq. The E810 device supports a “low latency” firmware interface for accessing and reading Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the laten...