62154 matches found
Astra Linux - уязвимость в mod-wsgi
A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...
Astra Linux - уязвимость в firefox
When using the Performance API, attackers were able to detect subtle differences between PerformanceEntries, thereby determining whether the target URL had undergone a redirect. This vulnerability affects Firefox 103...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipmi: Fixed UAF when uninstalling the ipmisi and ipmimsghandler modules Hi, During testing the installation and uninstallation of ipmisi.ko and ipmimsghandler.ko, the system crashed. The log message is as follows: 141.087026...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Mapping EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. To prevent this memory from being reused by the kernel after ExitBootServices, efimemreserve is...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobusgetPhy The caller may pass any value as addr, which could lead to an out-of-bounds access to the mdiomap array. One existing case is in stmmacinitPhy, where -1 may be passed as addr...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 “can: skb: drop txskb if in listen-only mode”, the priv-ctrlmode element is read even on virtual CAN interfaces that do not create the structcanpriv structure during startup. Th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Start the MHI channel after endpoint creation The MHI channel may generate an event/interrupt right after enabling. This can lead to two race condition issues: 1 Such events may be dropped by the qcommhiqrtrdlcallback...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect the driver from buggy firmware When processing port up/down events generated by the device’s firmware, the driver attempts to protect itself from events reported for non-existent local ports. However, it...
Astra Linux - уязвимость в edk2
EDK2 contains a vulnerability in the BIOS, where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” through local access. Successful exploitation of this vulnerability could lead to possible information disclosure or escalation of privileges, thereby affecting...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: prevented races in -queryinterfaces It was possible for two query interfaces to simultaneously attempt to update the interfaces. This issue can be avoided by checking and updating ifacelastupdate under ifacelock...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fixed the handling of the RTAS MSRHV for the Cell architecture. The recent changes in MSR handling when entering RTAS firmware caused crashes on IBM Cell machines. An example trace is as follows: The kernel attempte...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ice: fixed NULL access to tx-inuse in iceptptsirq. The E810 device supports a “low latency” firmware interface for accessing and reading Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the laten...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fixed NULL pointer dereferencing. A warning reported by smatch indicated a potential NULL pointer dereferencing issue, where one of the arguments to the API “irishfigen2handlesystemerror” might sometimes be null. To...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix for the condition effect bit clearing issue As reported by MPDarkGuy on Discord, NULL pointer dereferencing occurred because not all conditional effect bits were cleared. Properly clear all conditional effect bits...
Astra Linux - уязвимость в chromium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in agilent USB. If the agilent USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devmregmapinitencx24j600 devmregmapinit may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protection...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – avoid null pointer dereference in mpicmpui During NVMeTCP authentication, a controller can trigger a kernel oops by specifying the 8192-bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie...