5201 matches found
Astra Linux – Vulnerability in OpenSSL
There is a type confusion vulnerability related to X.400 address processing within an X.509 GENERALNAME. X.400 addresses are parsed as ASN1STRING, but the public structure definition for GENERALNAME incorrectly specifies the type of the x400Address field as ASN1TYPE. This field is subsequently...
Astra Linux – Vulnerability in ntfs-3g
The file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...
Astra Linux – Vulnerability in Chromium
In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...
Astra Linux – Vulnerability in ntfs-3g
An integer underflow in fuselibreaddir allows for arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite...
Astra Linux – Vulnerability in Chromium
Side-channel information leakage in keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
A vulnerability was discovered in the drivers/usb/gadget/function/rndis.c file within the Linux kernel before version 5.16.10. The RNDIS USB gadget does not include validation for the size of the RNDISMSGSET command. Attackers can obtain sensitive information from the kernel memory...
Astra Linux – Vulnerability in Chromium
In Google Chrome, a out-of-bounds read in the Tab Strip feature was exploited before version 92.0.4515.131. This allowed an attacker to convince a user to install a malicious extension, enabling them to perform an out-of-bounds memory read through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In Google Chrome versions prior to 87.0.4280.88, uninitialized use of V8 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Avoid reading uninitialized memory in ath9khtcrxmsg. syzbot reports that the uninitialized value is accessed at ath9khtcrxmsg. For ioctlUSBRAWIOCTLEPWRITE, the function ath9khifusbrxstream may call ath9khtcrxmsg with...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dm raid: fixed the address sanitizer warning in raidstatus. This warning occurs when using a kernel with address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsirai...
Astra Linux – Vulnerability in libxpm
A vulnerability was discovered in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...
Astra Linux – Vulnerability in libssh2
In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, allowing an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A malicious SSH server may be able to disclose sensitive information or cause a...
Astra Linux – Vulnerability in libxpm
A vulnerability was discovered in libXpm, where a boundary condition allows a local user to trigger an out-of-bounds read error, thereby reading contents of memory on the system...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel. A use-after-free occurred in the way the console subsystem utilized ioctls KDGKBSENT and KDSKBSENT. A local user could exploit this flaw to gain access to memory beyond its intended scope. The most significant threat posed by this vulnerability is to dat...
Astra Linux – Vulnerability in PostgresSQL 11
A flaw was discovered in PostgreSQL. By using an UPDATE...RETURNING command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is data confidentiality...
Astra Linux – Vulnerability in Apache2
A carefully crafted request body can cause a read to a random memory area, which may lead to the process crashing. This issue affects Apache HTTP Server 2.4.52 and earlier...
Astra Linux – Vulnerability in Chromium
In FedCM, out-of-bounds memory access in Google Chrome prior to version 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel up to version 6.3.1, a use-after-free issue in Netfilter’s nftables module arises when processing batch requests. This allows unprivileged local users to obtain root privileges. The issue occurs due to improper handling of anonymous sets...
Astra Linux – Vulnerability in Chromium
In Google Chrome, out-of-bounds memory access in Fonts allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page before version 116.0.5845.110. Chromium security severity: Medium...