111118 matches found
Astra Linux - уязвимость в connman
A issue was discovered in the DNS proxy of Connman through version 1.40. The implementation of the TCP server’s reply mechanism lacks a check to ensure that there is sufficient Header Data, resulting in an out-of-bounds read...
Astra Linux - уязвимость в cgal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux - уязвимость в chromium
The use of after-free in Blink in Google Chrome before version 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: md: making rdevaddable usable for rcu mode. Our testcase triggered a panic: BUG: Kernel NULL pointer dereferencing, address: 00000000000000e0 … Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ 94...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In the tpm subsystem, the issue of locking the TPM chip before calling tpmpmsuspend needs to be addressed. Setting TPMCHIPFLAGSUSPENDED at the end of tpmpmsuspend can be done more efficiently, as this provides a window during whi...
Astra Linux - уязвимость в libarchive
It was discovered that Libarchive v3.6.0 contains a buffer overflow vulnerability, specifically related to the zipxlzmaaloneinit function...
Astra Linux - уязвимость в chromium
Before version 87.0.4280.88, networking-related reads in Google Chrome allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory through a crafted HTML page...
Astra Linux - уязвимость в qemu
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, which can lead to a NULL pointer dereferencing...
Astra Linux - уязвимость в freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients and servers that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. There are no known workarounds available...
Astra Linux - уязвимость в golang-golang-x-net, golang-1.15
In Go, before versions 1.15.12 and 1.16.x, and before version 1.16.4, net/http allowed remote attackers to cause a denial of service panic through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The use-after-free issue in smblazyparentleasebreakclose has been fixed. The opinfo pointer, which is obtained through rcudereferencefp-fopinfo, is accessed after rcureadunlock has been called. This creates a race conditio...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Potential allocated iovec in the cache may be freed after a failure. If a read/write request passes through ioreqrwcleanup, and an allocated iovec is attached to the request but fails to be placed into the rwcache, it...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpfastopen. When reading sysctltcpfastopen, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpminsndmss. When reading sysctltcpminsndmss, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtrendpointpost Syzbot reported a slab-out-of-bounds Read in qrtrendpointpost. The problem was with the wrong sizetype: if len != ALIGNsize, 4 + hdrlen goto err; If the size from qrtrhdr is 4294967293...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed the issue where xasretry was missing in the fscache mode. The xarray iteration only holds the RCU read lock; therefore, an XARETRYENTRY might be encountered if a process modifies the xarray concurrently. This would...
Astra Linux - уязвимость в cgal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux - уязвимость в cgal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: IGMP: Fixed race conditions related to sysctligmpqrv. When reading sysctligmpqrv, it can be changed concurrently. Therefore, we need to add READONCE to its readers. This test can be incorporated into a helper function; such...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Reads-only VMA entries are no longer allowed for writing operations. The page fault handler should reject write/atomic access to reads-only VMA entries. Add code to handle this in xepagefaultservice after the...