161977 matches found
Astra Linux – Vulnerability in Chromium
Insufficient data validation in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Tomcat9
Improper input validation vulnerability. This issue affects Apache Tomcat: versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.49, and 9.0.0-M1 through 9.0.112. The following versions were at the end of their support lifecycles at the time the CVE was created, but are still affected: 8.5.0...
Astra Linux – Vulnerability in Tomcat9
There is a vulnerability related to improper input validation in Apache Tomcat. Tomcat did not restrict HTTP/0.9 requests to only the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, users could bypass this constraint on GET requests by...
Astra Linux – Vulnerability in libpcap
The sf-pcapng.c file in libpcap before version 1.9.1 does not properly validate the PHB header length before allocating memory...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: rejecting negative ifindex values Recent changes in net-next commit 759ab1edb56c refactored the handling of pre-assigned ifindex values. This led to a latent issue in ovs. ovs does not validate ifindex values,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added an array index check for hdcp ddc access. Reason Coverity reports an OVERRUN warning. Do not check if the array index is valid. How Check that the msgid is valid and that the array index is valid...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/9p: Fixed buffer overflow in the USB transport layer. There is a buffer overflow vulnerability in the USB 9pfs transport layer. In this case, inconsistencies in size validation between packet header parsing and actual data...
Astra Linux – Vulnerability in Intel Microcode
Improper input validation in the UEFI firmware CseVariableStorageSmm for some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Check msgid before processing a transaction. WHY & HOW “HDCPMESSAGEIDINVALID -1” is not a valid msgid, nor is it a valid array index. Therefore, it needs to be checked before being used. This fix addresses 4...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: geneve: Fixed header validation in geneve6xmitskb. syzbot is able to trigger an uninit-value in genevexmit. Problem: While most IP tunnel helpers such as iptunnelgetdsfield use skbprotocolskb, true, pskbinetmaypull only uses...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: A fix was made to perform a sanity check on the destination blkaddr during recovery. As Wenqing Liu reported in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 loop5: A change in capacity was detected, from 0...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved input validation. This issue is fixed in Safari 18.1, iOS 18.1, iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, and watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate the dataoffset and datalength fields of the smbdirectdatatransfer structure. If the dataoffset and datalength fields of the smbdirectdatatransfer structure are invalid, an out-of-bounds issue may occur...
Astra Linux – Vulnerability in qtdeclarative-opensource-src
Unrestricted or throttled resource allocation, improper validation of the specified quantity in input parameters, and vulnerabilities in The Qt Company’s Qt framework on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64-bit, and 32-bit platforms can lead to excessive resource allocation. This iss...
Astra Linux – Vulnerability in Intel Microcode
Improper input validation in some IntelR TDX module software prior to version 1.5.05.46.698 may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerability in WebKit2GTK
A cross-origin issue in the IndexDB API has been resolved through improved input validation. This issue is fixed in iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, and macOS Monterey 12.2. It is possible for a website to track sensitive user information...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. A lack of enforcement of an upper-bound limit on strings passed during IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...
Astra Linux – Vulnerability in libraw
LibRaw before 0.20-RC1 lacks a check for the thumbnail size range. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength is used without validating T.tlength...
Astra Linux – Vulnerability in Zabbix
Zabbix allows for the configuration of SMS notifications. AT command injection occurs on the “Zabbix Server” because there is no validation of the “Number” field either on the web interface or on the Zabbix server side. An attacker can send specially crafted phone numbers via SMS and execute...
Astra Linux – Vulnerability in WebKit2GTK
Integer overflow has been addressed through improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...