Astra Linux - уязвимость в chromium

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile does not initialize the aiocmd-iocb for the kiwritestream. When the writecommand fdexecuterwaio is executed, we may receive an invalid value for kiwritestream,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Reads-only VMA entries are no longer allowed for writing operations. The page fault handler should reject write/atomic access to reads-only VMA entries. Add code to handle this in xepagefaultservice after the...

Astra Linux - уязвимость в u-boot

In “Das U-Boot through 2020.01”, a double-free operation was detected in the cmd/gpt.c file’s dorenamegptparts function. Double-freeing can lead to a “write-what-where” condition, allowing an attacker to execute arbitrary code. NOTE: This vulnerability was introduced when attempting to fix a memo...

Astra Linux - уязвимость в gzip, xz-utils

A arbitrary file writing vulnerability was discovered in the GNU gzip’s zgrep utility. When zgrep is applied to a file name chosen by the attacker e.g., a crafted file name, it can overwrite the content of the target file with an arbitrary file selected by the attacker. This flaw arises due to...

Astra Linux - уязвимость в flac

In streamencoder.c, there is a potential out-of-bounds write due to a missing bounds check. This could lead to exposure of local information without requiring additional execution privileges. User interaction is not required for exploitation. Product: Android Versions: Android-11 Android ID:...

Astra Linux - уязвимость в sox

A floating-point exception vulnerability was discovered in sox, within the lsxaiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service...

Astra Linux - уязвимость в linux-5.10

A out-of-bounds memory write flaw was discovered in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...

Astra Linux - уязвимость в vim

Out-of-bounds write in the GitHub repository for Vim/Vim before version 8.2...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: hfs: fixed OOB read in hfsbrecfind Syzbot reported a OOB read bug: ================================================================== Bug: KASAN: slab-out-of-bounds in hfsstrcmp+0x117/0x190 fs/hfs/string.c:84 A read of size 1...

Astra Linux - уязвимость в grub2

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...

Astra Linux - уязвимость в chromium, firefox, thunderbird, libwebp

A heap buffer overflow in libwebp in Google Chrome prior to version 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: Critical...

Astra Linux - уязвимость в linux, linux-5.10

A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c within the ext4 subsystem of the Linux kernel, as of version 5.13.13...

Astra Linux - уязвимость в chromium

The use of after-free in the UI of Google Chrome before version 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в linux-5.10

A vulnerability was discovered in the kvms390guestsidaop function within the arch/s390/kvm/kvm-s390.c file in KVM for s390 in the Linux kernel. This flaw allows a local attacker with normal user privileges to gain unauthorized memory write access. This vulnerability affects Linux kernel versions...

Astra Linux - уязвимость в wpa

In p2pcopyclientinfo of p2p.c, there is a potential out-of-bounds write vulnerability due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, without the need for additional execution privileges. User interaction is not...

Astra Linux - уязвимость в chromium

The use of after-free in ANGLE in Google Chrome before version 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Before version 117.0.5938.62, SwiftShader in Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

In V8 of Google Chrome, out-of-bounds memory access prior to version 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в ntp

In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability in the while loop of the cpcpdec function. An adversary could potentially attack a client NTPQ process, but they cannot attack the ntpd process...