18095 matches found
Astra Linux – Vulnerability in libsoup3
A flaw was discovered in the asynchronous message queue handling of the libsoup library, which is widely used by GNOME and WebKit-based applications for managing HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Python 3.11
The “tarfile” module will still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even when processing multi-block members such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could lead to a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebML in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the ecamencodercompressh264 function relied on server-controlled dimensions and did not validate the source buffer size, resulting in a out-of-bounds read in swsscale. This vulnerability has been fixed in...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height were updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE, but width/height have...
Astra Linux – Vulnerability in GIMP
A flaw was discovered in GIMP’s PSP Paint Shop Pro file parser. A remote attacker could exploit an integer overflow vulnerability in the readcreatorblock function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in the persistentcachereadentryv3 function in libfreerdp/cache/persistent.c, persistent-bmpSize was updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ASoC: fslxcvr: Revert to fixing the missing lock in fslxcvrmodeput This revert commits f51424872760 “ASoC: fslxcvr: fix missing lock in fslxcvrmodeput”. The original patch attempted to acquire the card-controlsrwsem lock in...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges. The amdgpudiscoverygetnpsinfo function internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocations. Using kfree to releas...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an issue where engid could be negative, causing the streamenc regs array to be indexed out of bounds. The variable engid is used directly as an index into the streamenc regs array, which has only 5 elements...
Astra Linux – Vulnerability in exiv2
Exiv2 is a C++ library and a command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC image metadata. Prior to version 0.28.8, a buffer overflow vulnerability was discovered. The vulnerability resides in the CRW image parser. This issue has been fixed in version...
Astra Linux – Vulnerability in GraphicsMagick
GraphicsMagick before 8e56520 has a heap-based buffer over-read issue in the ReadJXLImage function, located in coders/jxl.c, related to a call to ImportViewPixelArea...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDFium in Google Chrome prior to version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in sdl-image1.2
SDLimage is a library for loading images of various formats as SDL surfaces. In the dolayersurface function in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without being validated against the colormap size cmnum. A crafted .xcf file with a smal...
Astra Linux – Vulnerability in gpsd
There is an integer underflow vulnerability in the nextstate function in gpsd/packet.c in gpsd versions prior to the commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4, without checking whether the input...
Astra Linux – Vulnerability in Chromium
Using WebCodecs with “after free” before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, a client-side heap buffer overflow occurred in the FreeRDP client’s AVC420/AVC444 YUV-to-RGB conversion process. This issue arose due to a lack of validation of the horizontal bounds of the H.264 metablock...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out-of-bounds heap write within the WaveletDenoiseImage method. When processing a crafted image using the -wavelet-denoise...
Astra Linux – Vulnerability in freeipa
A flaw was identified in the FreeIPA API audit; it sends the entire FreeIPA command line to journalctl. As a result, during the FreeIPA installation process, administrative user credentials—including the administrator’s password—are inadvertently leaked into the journal database. In the worst-cas...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer DVB Subtitles Out-of-Bounds: Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...
Astra Linux – Vulnerability in Qemu
An “off-by-one” error was detected in QEMU’s KVM Xen guest support. A malicious guest could exploit this flaw to trigger out-of-bounds heap accesses in the QEMU process through the emulated Xen physdev hypercall interface, resulting in a denial of service or potential memory corruption...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition DoS...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, there was a stack buffer overflow issue in ImageMagick’s morphology kernel parsing functions. User-controlled kernel strings that exceeded the buffer size were...
Astra Linux – Vulnerability in libssh
A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: rcu: Fixed a deadloop in rcureadunlock due to a softirq. The commit 5f5fa7ea89dc “rcu: Do not use negative nesting depth in rcureadunlock” removes the recursion-protection code from rcureadunlock. As a result, the deadloop could ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Unconditionally sets set-nelems before inserting an element. In the event that the set is full, a new element is inserted and then removed without waiting for the RCU grace period. Meanwhile, the RCU reader m...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Added a missing lock in cfg80211checkandendcac. Callers of wdevchandef must hold the wiphy mutex. However, the worker function cfg80211propagatecacdonewk never holds the wiphy mutex. This triggers the following...
Astra Linux – Vulnerability in vte2.91
GNOME VTE before version 0.76.3 allowed an attacker to cause a denial of service memory consumption through a window resizing escape sequence, a related issue to CVE-2000-0476...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, Magick failed to detect multi-layer nested MVG conversions to SVG, which could lead to DoS Denial of Service attacks. Versions 7.1.2-15 and 6.9.13-40 include a...
Astra Linux – Vulnerability in unbound
A vulnerability in caching resolvers called “Rebirthday Attack” has been discovered in resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., with the option --enable-subnet, and when configured to send ECS information along with queries to...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, failed to sanitize the input before writing it into the PostScript header. An attacker can provide a...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Fixed a null dereference of srq-rq.queue after a resize failure. A NULL pointer dereference can occur in rxesrqchkattr when ibvmodifysrq is invoked twice in succession under certain error conditions. The first call m...
Astra Linux – Vulnerability in Chromium
Using “after free in Base” in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Critical...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebGL in Google Chrome prior to version 146.0.7680.165 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In CSS, operations outside the bounds were allowed in Google Chrome before version 146.0.7680.165; this enabled a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in xwayland, xorg-server
A flaw was discovered in the X.Org X server. This “use-after-free” vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this vulnerability without any user interaction, resulting in a...
Astra Linux – Vulnerability in xwayland, xorg-server
A flaw was discovered in the X.Org X server. This out-of-bounds read vulnerability arises from the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions. It allows an attacker to read uninitialized or out-of-bounds memory. An attacker with access to the X1...
Astra Linux – Vulnerability in libcap2
A flaw was discovered in libcap. A local, unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to a file controlled by the attacker. By doi...
Astra Linux – Vulnerability in xwayland, xorg-server
A flaw was discovered in the X.Org X server. This integer underflow vulnerability, specifically related to the handling of the XKB compatibility map, allows an attacker with local or remote access to the X11 server to trigger a buffer read overflow. This can lead to memory safety violations and...
Astra Linux – Vulnerability in libpng1.6
LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.6.36 through 1.6.55, there was an out-of-bounds read and write vulnerability in libpng’s ARM/AArch64 Neon-optimized palette expansion path. When...
Astra Linux – Vulnerability in sudo
In Sudo, from version 1.9.17p2 until 3e474c2, a failure in the call of setuid, setgid, or setgroups functions, during a privilege drop before running the mailer, is not considered a fatal error. Such failures may lead to an escalation of privileges...
Astra Linux – Vulnerability in xwayland, xorg-server
A flaw was discovered in the X.Org X server’s validation of XKB key type requests. A local attacker could send a specially crafted request to the X server, leading to a vulnerability where out-of-bounds memory access could occur. This could result in the disclosure of sensitive information or cau...
Astra Linux – Vulnerability in xwayland, xorg-server
A flaw was discovered in the X.Org X server. This vulnerability, an out-of-bounds read, affects the handling of XKB X Keyboard Extension modifier maps. An attacker with access to the X11 server can exploit this by sending a malformed request, causing the server to read beyond its intended memory...
Astra Linux – Vulnerability in Python 3.11
User-controlled header names and values containing newlines can allow for the injection of HTTP headers...
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, resulting in a denial of service or potential code execution through a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: KEYS: Trusted – Fixed a memory leak in tpm2loadcmd. tpm2loadcmd allocates a temporary blob indirectly through tpm2keydecode, but the blob is not freed during failure paths. This issue can be addressed by wrapping the blob with a...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fwtracer, Validate format string parameters We have added validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes caused by malformed format strings...