59400 matches found
Astra Linux - уязвимость в chromium
The use of after-free in the UI of Google Chrome before version 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в ntp
In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when adding a decimal point. An adversary may be able to attack a client’s ntpq process, but they cannot attack the ntpd process...
Astra Linux - уязвимость в chromium
The use of after-free in ANGLE in Google Chrome before version 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox
An attacker could write data to the user’s clipboard by bypassing the user prompt during a certain sequence of navigation events. This vulnerability affects Firefox 129, Firefox ESR 128.3, and Thunderbird 128.3...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tty: serial: sh-sci: fix RSCI FIFO overrun handling The receive error handling code is shared between RSCI and all other SCIF port types. However, for RSCI, the “overrunreg” is specified as a memory offset. For other SCIF types, ...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the warning from kernelwriteiter 2110.972290 ------------ Cut here ------------ 2110.972301 WARNING: CPU: 3 PID: 735 at fs/readwrite.c:599 kernelwriteiter+0x21b/0x280 This patch does not allow writing to directories...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: 9p/transfd: Always use ONONBLOCK for read/write operations. The syzbot report indicates that tasks become hung at p9fdclose, due to p9muxpollstop. This occurs because p9connDestroy fails to interrupt kernelread/kernelwrite that...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: added a null check for devmkmallocarray in fdpncii2creaddeviceproperties. devmkmallocarray may fail; fwvsccfg may be null, causing an out-of-bounds write in devicepropertyreadu8array later...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear the XFD-disabled features in the saved or to be...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: media: cxusb: No longer judges rbuf when the write fails syzbot reported a uninit-value in cxusbi2cxfer. 1 Only when the write operation of usbbulkmsg in dvbusbgenericrw succeeds and rlen is greater than 0, the read operation ...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits handle insn-n samples. The insnrwemulatebits function is used as a default handler for INSNREAD instructions for sub-devices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drbd: Added krefget to the handlewriteconflicts function. With “two-primaries” enabled, DRBD attempts to detect “concurrent” writes and handle write conflicts. This ensures that even if you write to the same sector simultaneously...
Astra Linux - уязвимость в git
Gitk is a Tcl/Tk-based Git history browser. Starting with version 1.7.0, when a user clones an untrusted repository and runs Gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option “Support per-file encoding” must have been...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Maps shared memory as WC, not WB. Linux does not write to the cmd-db region. This memory region is protected from writing by XPU. XPU may sometimes incorrectly detect a clean cache eviction as a “write” to the...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: Assign CURSEGALLDATAATGC if blkaddr is valid mkdir /mnt/test/comp f2fsio.setflagscompression = /mnt/test/comp dd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1 truncate --size 13 /mnt/test/comp/testfile In the above...
Astra Linux - уязвимость в imagemagick
A flaw was discovered in ImageMagick version 7.0.11. In this version, an integer overflow in the WriteTHUMBNAILImage function in the coders/thumbnail.c file may lead to undefined behavior when processing a specially crafted image file submitted by an attacker. The greatest threat posed by this...
Astra Linux - уязвимость в webkit2gtk
The issue was addressed through improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, and watchOS 10.5. An attacker with arbitrary read and write capabilities may be able to bypass Pointer Authentication...
Astra Linux - уязвимость в linux, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: tomoyo: Fixed the UAF write bug in tomoyowritecontrol. Since tomoyowritecontrol updates head-writebuf when the write function is called for long lines, we need to retrieve head-writebuf after holding head-iosem. Otherwise,...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed the issue of partial SETREGSET for NTARMTAGGEDADDRCTRL. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will leave this...