59501 matches found
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemset in libtiff/tifunix.c:340, when called from the process ProcessCropSelections, tools/tiffcrop.c:7619. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIFF file. For users who compile...
Astra Linux - уязвимость в vim
Out-of-bounds write in the GitHub repository for Vim/Vim before version 8.2...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed an out-of-bounds write issue in ksmbdvfsstreamwrite. The offset from the client can be a negative value, which may allow writing data beyond the allocated buffer’s boundaries. Note that this issue occurs when setting...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net:sched:schmultiq: A potential out-of-bounds write occurred during the multiqtune function. The q-bands fields will be assigned to qopt-bands to execute subsequent code logic after kmalloc. Therefore, the old q-bands fields...
Astra Linux - уязвимость в ffmpeg
A issue was discovered in the function latmwritepacket in the file libavformat/latmenc.c in Ffmpeg 4.2.1. This issue allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed a null pointer panic in the tracepoint of replaceatomicwriteblock. A kernel panic occurs when oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=217266 BUG: Null pointer dereferencing in the kernel; address:...
Astra Linux - уязвимость в git-lfs
Git LFS is an extension to Git for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository’s working tree with the contents of Git LFS objects, certain Git LFS commands might write to files that are visible outside the current Git working tree, if symboli...
Astra Linux - уязвимость в cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user belonging to the lpadmin group could use the cups web interface to modify configurations and insert malicious lines. As a result, the cupsd process, running as root...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Ensure that write operations are atomic. syzbot reported a NULL pointer dereference in genericfilewriteiter. Before the write operation is completed, the user executes ioctl to clear the compress flag of the file. This...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...
Astra Linux - уязвимость в djvulibre
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method was vulnerable to an OOB-write vulnerability, as it did not check that the xr pointer remained within the bounds of the allocated buffer...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: dccp: Fixed a race condition around the dp-dccpsmsscache variable. The dccpsendmsg function reads the dp-dccpsmsscache before locking the socket. The same issue occurs in dodccpgetsockopt. Added READONCE/WRITEONCE annotations,...
Astra Linux - уязвимость в chromium
Before version 124.0.6367.207, writing out-of-bounds data in V8 using Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: systemport: Added global locking for the descriptor lifecycle. The descriptor list is a shared resource across all transmit queues. The locking mechanism currently used only protects concurrency within a given transmit queue...
Astra Linux - уязвимость в php-pear
In ArchiveTar version 1.4.11, the Tar.php script allows write operations involving directory traversal, due to insufficient checking of symbolic links. This issue is related to CVE-2020-28948...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A out-of-bounds write vulnerability was identified in the converttos3341a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the out-of-bounds write warning. Check the ring type value to address the out-of-bounds write warning...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: Fixed a data race on lastboostedvcpu in kvmvcpuonspin. Used READ, WRITEONCE to access kvm-lastboostedvcpu to ensure that reads and writes are atomic. In the extremely unlikely scenario where the compiler introduces errors in...
Astra Linux - уязвимость в chromium
“Type Confusion in V8” in Google Chrome before version 129.0.6668.100 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox
Service Workers did not correctly detect Private Browsing Mode in all cases, which could result in Service Workers being written to disk for websites visited in Private Browsing Mode. This would not preserve them in a state where they would run again, but it would allow Private Browsing Mode...