59506 matches found
Astra Linux - уязвимость в chromium
The use of after-free in Media in Google Chrome before version 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: Fixed a potential out-of-bounds write during NVMEM read operations in PCF85063. The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client us...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: x86/mm/pat: fixed the handling of VMPAT in COW mappings. The handling of VMPAT does not work correctly in COW mappings: the first PTE or, in fact, all PTEs can be replaced during write faults, causing them to point to anonymou...
Astra Linux - уязвимость в net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could exploit an improper input validation vulnerability when setting malformed OIDs in both the master agent and subagent simultaneously. Version 5.9.2...
Astra Linux - уязвимость в libpgjava
In pgjdbc before version 42.3.3, an attacker who controls the jdbc URL or properties can use java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example scenario is that an attacker could create a executable JSP file under a...
Astra Linux - уязвимость в linux, linux-5.10
A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c within the ext4 subsystem of the Linux kernel, as of version 5.13.13...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfc: nxp-nci: Fixed a potential memory leak in nxpncisend The nxpncisend function calls nxpncii2cwrite. The skb is only freed when nxpncii2cwrite fails. However, even if nxpncii2cwrite succeeds, the skb is not freed at that...
Astra Linux - уязвимость в qemu
A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs when handling a “PVRDMAREGDSRHIGH” write from the guest, and it may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer...
Astra Linux - уязвимость в pandoc
Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file writing vulnerability. This vulnerability could be exploited by including a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: uacce: fixed the isolate/sysfs check condition. uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will now create sysfs...
Astra Linux - уязвимость в cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user belonging to the lpadmin group could use the cups web interface to modify configurations and insert malicious lines. As a result, the cupsd process, running as root...
Astra Linux - уязвимость в firefox, thunderbird
An attacker was able to perform out-of-bounds read or write operations on a JavaScript Promise object. This vulnerability has been fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
Astra Linux – Vulnerability in libstb
STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may cause memory writes to exceed the allocated heap buffer in startdecoder. The root cause of this issue is a potential integer overflow in sizeofchar f-commentlistlength, which may...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfs: Fixed error handling for unbuffered writes If all subrequests in an unbuffered write stream fail, the subrequest collector does not update the stream-transferred value, and it retains its initial LONGMAX value...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Call invalidatecache only if implemented Many filesystems such as NFS and Ceph do not implement the invalidatecache method. On those filesystems, if writing to the cache NETFSWRITETOCACHE fails for some reason, the kernel...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN exception may occur: BUG: KASAN: Out-of-bounds access in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a warning in ext4iomapbegin due to a race between bmap and write The issue occurs as follows: ------------ cut here ------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4iomapbegin+0x182/0x5d0 RIP:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: Only reference swappfn is called if the type matches. Yu Zhao reported a bug after the commit “mm/swap: Add swpoffsetpfn to fetch PFN from swap entries” added a check in swpoffsetpfn for the swap type 1: Kernel Bug a...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: removing WARNON from hfspluscatread,writeinode. The syzbot tool encounters WARNON in hfspluscatread,writeinode, where a crafted filesystem image may contain invalid lengths. These conditions do not constitute kernel...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed the bug in ext4writepages We encountered the following issue: EXT4-fs error device loop0: ext4mbgeneratebuddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here...