Astra Linux - уязвимость в pandoc

Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file writing vulnerability. This vulnerability could be exploited by including a...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow vulnerability in the xrdpmmtransprocessdrdynvcchannelopen function. There are no known solutions to this...

Astra Linux - уязвимость в chromium

In V8 of Google Chrome, out-of-bounds memory access prior to version 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to an Out-of-Bounds Write vulnerability in the progressivedecompress function. This issue is likely due to incorrect calculations of the nXSrc and nYSrc...

Astra Linux - уязвимость в chromium

Accessing resources outside the allowed range using V8 in Google Chrome before version 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Before version 99.0.4844.51, using Accessibility in Google Chrome allowed a remote attacker who convinced a user to perform certain UI gestures to execute arbitrary read/write operations through a crafted HTML page. Chromium security severity: Low...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the MMIO write access to an invalid page in i40eclearhw. When the device sends a specific input, an integer underflow can occur, resulting in MMIO write access to an invalid page. This issue can be prevented by changi...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the Linux kernel before version 5.19. In the pxa3xxgcuwrite function in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict between sizet and int, which causes an integer overflow and bypasses the size check. Additionally, since this parameter is us...

Astra Linux - уязвимость в vim

Out-of-bounds write to API in GitHub repository vim/vim prior to 9.0.0100...

Astra Linux - уязвимость в ntfs-3g

The file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs when handling a “PVRDMAREGDSRHIGH” write from the guest, and it may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The discard write access to the directory operation may not allow a directory to be opened with write access. However, certain writing flags set by clients result in adding write access on the server, making ksmbd...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allows out-of-bounds write-ups, because the main function, while having setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: memcgwriteeventcontrol: fixed a user-triggered oops. We do not guarantee that anything beyond the terminating NUL is mapped let alone initialized with anything sensible...

Astra Linux - уязвимость в libraw

In LibRaw, there is an out-of-bounds write vulnerability within the "newnode" function libraw\src\x3f\x3futilspatched.cpp that can be triggered via a crafted X3F file...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: tipc: fixed an information leak in tipctopsrvkernsubscr A 8-byte write was used to initialize the sub.usermHandle in tipctopsrvkernsubscr. Otherwise, four bytes remained uninitialized when calling setsockopt..., SOLTIPC,...

Astra Linux - уязвимость в linux-5.10

A vulnerability was discovered in the kvms390guestsidaop function within the arch/s390/kvm/kvm-s390.c file in KVM for s390 in the Linux kernel. This flaw allows a local attacker with normal user privileges to gain unauthorized memory write access. This vulnerability affects Linux kernel versions...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: HID: mcp2221: prevented a buffer overflow in mcpsmbuswrite Match Warning: drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy ‘&mcp-txbuf5’ is too small 59 vs 255 drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy...

Astra Linux - уязвимость в php7.3

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, and 8.3. before 8.3.14, uncontrolled long string inputs to the ldapescape function on 32-bit systems can lead to an integer overflow, resulting in an out-of-bounds write...

Astra Linux – Vulnerability in libstb

STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may cause memory writes to exceed the allocated heap buffer in startdecoder. The root cause of this issue is a potential integer overflow in sizeofchar f-commentlistlength, which may...