Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: The ioaw hook was defined as mmiowb. The commit fb24ea52f78e0d595852e states that “drivers: Explicit invocations of mmiowb were removed.” All occurrences of mmiowb in drivers were removed. However, it is noted that:...

Astra Linux - уязвимость в bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

Astra Linux - уязвимость в linux-5.15

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sysctl: Data race issues in procdouintvecminmax have been fixed. A sysctl variable is accessed concurrently, and there is always a risk of data races. Therefore, both readers and writers need some basic protection to avoid data...

Astra Linux - уязвимость в sox

In SoX 14.4.2, there is a floating-point exception in lsxaiffstartwrite in the aiff.c file of libsox.a...

Astra Linux - уязвимость в sox

A floating-point exception vulnerability was discovered in sox, within the lsxaiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protecting of L2 SPTEs in TDP MMU when clearing dirty status Check kvmmmupageadneedwriteprotect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. This ensures that the TDP MMU takes into...

Astra Linux - уязвимость в chromium

Before version 106.0.5249.91, writing out-of-bounds data in V8 with Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fixed the crash that occurred when using WRITESAME without a data buffer. In the newer versions of the SBC specifications, there’s a NDOB bit that indicates that there is no data buffer being written. If this bit is...

Astra Linux - уязвимость в ceph

A flaw was discovered in OpenStack Manilla that manages Ceph File systems’ shares. This flaw allows the owner to read/write any share or entire file system. The vulnerability stems from a bug in the “volumes” plugin of the Ceph Manager. This allows attackers to compromise the confidentiality and...

Astra Linux – Vulnerability in Firefox and Thunderbird

If a compromised content process sends an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out-of-bounds write would occur, leading to memory corruption and potentially exploitable crashes. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...

Astra Linux - уязвимость в ffmpeg

A issue was discovered in the function latmwritepacket in the file libavformat/latmenc.c in Ffmpeg 4.2.1. This issue allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemset in libtiff/tifunix.c:340, when called from the process ProcessCropSelections, tools/tiffcrop.c:7619. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIFF file. For users who compile...

Astra Linux - уязвимость в git-lfs

Git LFS is an extension to Git for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository’s working tree with the contents of Git LFS objects, certain Git LFS commands might write to files that are visible outside the current Git working tree, if symboli...

Astra Linux - уязвимость в linux-5.10, linux

A flaw was discovered in KVM. When updating a guest’s page table entry, vmpgoff was incorrectly used as the offset to obtain the page’s pfn. Since vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region...

Astra Linux - уязвимость в vim

Out-of-bounds write in the GitHub repository for Vim/Vim before version 8.2...

Astra Linux - уязвимость в chromium, firefox, thunderbird, libwebp

A heap buffer overflow in libwebp in Google Chrome prior to version 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: Critical...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculations, the library may incorrectly calculate buffer boundaries. This can lead to memory writes outside of the allocated buffer. Applications...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...