Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm: A use-after-free issue in drm_getunique has been fixed. There is a time-of-check-to-time-of-use error in drm_getunique, caused by retrieving fpriv->master before locking the device’s master mutex. An example of this error can b...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a null pointer check for inode operations. This adds a sanity check for the i_op pointer of the inode, which is returned after reading the Root directory MFT record. We should check that the i_op is valid before...
Astra Linux – Vulnerability in Thunderbird
OpenPGP secret keys that were imported using Thunderbird versions 78.8.1 up to 78.10.1 were stored unencrypted on the user’s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automaticall...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Avoid suspicious RCU usage for synced VLAN-aware MAC addresses. When using the felix driver (the only one that supports UC filtering and MC filtering) as a DSA master for a randomly selected DSA switch, the following...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: crypto: ccp – Fixed null pointer dereference in __sev_platform_shutdown_locked. The SEV platform device can be shut down with a null psp_master, for example, using DEBUG_TEST_DRIVER_REMOVE. This issue was identified using KASAN:...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: anysee: fixed the null-ptr-deref in anysee_master_xfer. In anysee_master_xfer, msg is controlled by the user. When msg[i].buf is null and msg[i].len is zero, previous checks on msg[i].buf will still be performed. Malicious data will...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed the missing i_op in ntfs_read_mft. There is a null pointer dereference issue because i_op == NULL. The bug occurs because we do not initialize i_op for records in $Extend$...
Astra Linux – Vulnerability in xorg-server
A flaw related to out-of-bounds memory access was discovered in the X.Org server. This issue can occur when a device that has been frozen by a sync operation is reattached to a different master device. This issue may result in an application crashing, local privilege escalation if the server runs...
Astra Linux – Vulnerability in LibreOffice
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the master key was poorly encoded, resulting in a reduction in its entro...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fscrypt: stopped using the keyring subsystem for fscrypt_master_key. The approach of having fs/crypto/ manage the fscrypt_master_key structures internally as payloads within “struct key” objects contained in a “struct key” keyring...
Astra Linux – Vulnerability in ntfs-3g
In NTFS-3G versions before 2021.8.22, when a specially crafted NTFS attribute is provided to the function ntfs_get_attribute_value, a heap buffer overflow can occur, allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access, which can be...
Astra Linux – Vulnerability in ntfs-3g
NTFS-3G versions prior to 2021.8.22 may experience a heap buffer overflow when a specially crafted NTFS attribute is set up using the function ntfs_attr_setup_flag. This could allow code execution and an escalation of privileges...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source. The propagate_mnt function handles mount propagation when creating mounts and propagates the source mount tree @source_mnt to all applicable nodes of the destination propagation mount tree, heade...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fixed a use-after-free vulnerability in the cdns_i3c_master_probe function due to race conditions. In the cdns_i3c_master_probe function, &master->hj_work is bound to cdns_i3c_master_hj. And cdns_i3c_master_interrupt can cal...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdns_i2c_master_xfer: Fixed a runtime PM leak on the error path. The cdns_i2c_master_xfer function acquires a runtime PM reference when it is executed. This reference is released when the function exits. Currently, there ...
WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider versions <= 3.11.2...
CVE-2025-52465
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...
CVE-2025-52465 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...
CVE-2025-52465
GeoServer has an arbitrary file write vulnerability (CVE-2025-52465) in the Master Password Dump page. Before versions 2.26.4 and 2.27.3, an authenticated administrator with access to GeoServer’s security system can pass an absolute path as the target file name to the Master Password Dump page, c...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the MagicYUV decoder process in the libavcodec library. An attacker can cause a denial of service or potentially execute arbitrary code by submitting a specially crafted file that triggers an odd slice_height valu...