126305 matches found
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fixed a socket memory leak in the handling of TCP-AO failures for IPv6. When tcpaocopyallmatching fails in tcpv6synrecvsock, the function simply exits. This results in a memory leak: unreferenced object 0xffff0000281a820...
Astra Linux – Vulnerability in Firefox and Thunderbird
Using techniques based on slipstream research, a malicious webpage could scan both the hosts of an internal network and the services running on the user’s local machine, using WebRTC connections. This vulnerability affects Firefox ESR 78.9, Firefox 87, and Thunderbird 78.9...
Astra Linux – Vulnerability in Qemu
In QEMU versions up to 5.0.0, an assertion failure can occur during network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could exploit this flaw to terminate the QEMU process on the host, resulting in a denial-of-service condition in...
Astra Linux – Vulnerability in Chromium
In the Network Config UI of the Google Chrome browser on ChromeOS, incorrect security user interfaces prior to version 90.0.4430.72 allowed a remote attacker to potentially compromise Wi-Fi connection security through a malicious wireless adapter...
Astra Linux – Vulnerability in net-snmp
The handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP versions 5.8 through 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/smc: Reduced Rtnl pressure in smcpnetcreatepnetidslist. Many syzbot reports indicate extreme Rtnl pressure, and many of them suggest that smc acquires Rtnl during the creation of netnames without any valid reason 1. This patc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fixed a crash in nfsd4readrelease. When tracing is enabled, the tracenfsdreaddone trace point crashes during the pynfs read.testNoFh test...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: The “copy-to-cache” mechanism has been fixed so that it performs collection using Ceph+FSCache. The “copy-to-cache” mechanism used by Ceph with local caching creates a new request to write data that was just read from the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: can: mcan: pci: added the missing mcanclassfreedev function in probe/remove methods. In mcanpciremove and the error handling path of mcanpciprobe, mcanclassfreedev should be called to release resources allocated by...
Astra Linux – Vulnerability in edk2
EDK2 is vulnerable to a vulnerability in the Tcg2MeasureGptTable function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...
Astra Linux – Vulnerability in edk2
EDK2 is vulnerable to a vulnerability in the Tcg2MeasurePeImage function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...
Astra Linux – Vulnerability in GraphicsMagick
GraphicsMagick version 1.3.35 has a heap-based buffer overflow in the ReadMNGImage function in the coders/png.c file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed befor...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nbd: Fixed an UAF in nbdgenlconnect, where an error path occurred after calling nbdstartdevice. There is a use-after-free issue in nbd: - block nbd6: Received control failed result: -104; sockets are being shut down. Bug: KASAN:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: removed the never-working support for setting nsh fields. The validation of the setnsh... action is completely incorrect. It involves the nshkeyputfromnlattr function, which is the same function used to...
Astra Linux – Vulnerability in edk2
EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when handling the Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
The atmtcenqueue function in the net/sched/schatm.c file of the Linux kernel, as of version 6.1.4, allows attackers to cause a denial of service due to type confusion. In some cases, non-negative numbers can indicate a TCACTSHOT condition instead of valid classification results...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Concurrency. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. The...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: lockd: Other missing fields are set when unlocking files. The vfslockfile function expects that the struct filelock structure is fully initialized by the caller. If the flfile field is NULL after re-exporting NFSv3, an OOP err...