18102 matches found
Astra Linux – Vulnerability in libass
A stack overflow occurred in the parsetag function in libass/assparse.c in libass before version 0.15.0. This vulnerability allows remote attackers to cause a denial of service or remote code execution through a crafted file...
Astra Linux – Vulnerability in Ruby 2.5
The REXML gem before version 3.2.5 in Ruby, before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly handle XML round-trip issues. An incorrect document may be generated after parsing and serializing...
Astra Linux – Vulnerability in Rails
Action Pack is a framework for handling and responding to web requests. Under certain circumstances, response bodies may not be closed properly. If a response does not notify the system of a close operation, ActionDispatch::Executor will not know to reset the thread local state for the next...
Astra Linux – Vulnerability in GIMP
GIMP PSD File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user’s password may be read aloud by VoiceOver...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: - clk: tegra: Fixed a refcount leak in tegra210clockinit. - offindmatchingnode returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. - Added ofnodeput to avoid...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fixed the issue where the array ‘lp-phy8’ might be out of bounds. In line 5001, if all values in the array ‘lp-phy8’ are not 0, then at the end of the ‘for’ loop, the value of ‘k’ will be 8. At this point, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ping: Fixed a potential NULL dereference for /proc/net/icmp. After committing the change dbca1596bbb0 “ping: Converted to RCU lookups, removed rwlock”, we use RCU for ping sockets. However, we should still use a spinlock for...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in libwebp
A flaw was discovered in libwebp in versions prior to 1.0.1. A use-after-free vulnerability was identified due to a thread being terminated prematurely. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...
Astra Linux – Vulnerability in libstb
It was discovered that stbimage.h v2.27 contains a heap-based use-after-free issue due to the stbijpeghuffdecode function...
Astra Linux – Vulnerability in Chromium
The use of “after free” in ANGLE in Google Chrome before version 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Zabbix
The vulnerability is caused by an improper check to ensure that RDLENGTH does not overflow the buffer in response from the DNS server...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucvirqdata needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG dma-kmalloc-64 Not...
Astra Linux – Vulnerability in Firefox and Thunderbird
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...
Astra Linux – Vulnerability in Zabbix
The memory pointer is a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: greybus: uart: fixed the issue where tty was used after it was freed. The user space can keep a tty open indefinitely, and tty drivers must not release the underlying structures until the last user has left. We have...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fixed an issue where an interrupt storm occurred after receiving a corrupted ifid in the IRQ handler. Commit 31a7a0bbeb00 “dpaa2-switch”: added a range check for ifid in the IRQ handler introduces a mechanism to...
Astra Linux – Vulnerability in open-vm-tools
VMware Tools 12.0.0, 11.x.y, and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the guest OS can escalate privileges as a root user in the virtual machine...
Astra Linux – Vulnerability in open-vm-tools
A fully compromised ESXi host can cause VMware Tools to fail in authenticating host-to-guest operations, thereby affecting the confidentiality and integrity of the guest virtual machine...
Astra Linux – Vulnerability in open-vm-tools
open-vm-tools contains a file descriptor hijacking vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed handling of partial GPU mapping of BOs This commit fixes the bug in handling partial mapping of buffer objects to the GPU, which caused kernel warnings. Panthor did not handle correctly the case where the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush the async PF workqueue when a vCPU is being destroyed. Whenever a vCPU clears its completion queue, i.e., when a VM and all its vCPUs are being destroyed, the async PF workqueue must always be flushed. KVM must...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: moved xesvminit earlier. In xevmcloseandput, we need to be able to call xesvmfini. However, during vm creation, we can call this function on the error path, before actually initializing the svm state. This leads to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Ensure that lastfence is always updated. Update lastfence in the vm-bind path, rather than the kernel-managed path. lastfence is used to wait for work to complete in vmbind contexts, but not in kernel-managed contexts...
Astra Linux – Vulnerability in Qemu
In QEMU versions up to 8.0.0, a division by zero can occur in the scsidiskreset function in hw/scsi/scsi-disk.c. This occurs because scsidiskemulatemodeselect does not prevent the s-qdev blocksize from being 256. This causes QEMU and the guest to stop functioning immediately...
Astra Linux – Vulnerability in Netty
Netty is an asynchronous, event-driven network application framework designed for rapid development of maintainable, high-performance protocol servers and clients. In versions prior to 4.1.71.Final, Netty would skip control characters when they appeared at the beginning or end of a header name...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: A bug that led to out-of-bounds access was fixed in the mchpipcgetclusteraggrirq function. The clustercfg array is dynamically allocated to hold per-CPU configuration structures. Its size is determined by t...
Astra Linux – Vulnerability in Firefox and Thunderbird
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash, which could have led to a sandbox escape. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 113. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 114...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...
Astra Linux – Vulnerability in Firefox
When choosing a site-isolated process for a document loaded from a data: A URL that was the result of a redirect would be loaded by Firefox in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that hosted an...
Astra Linux – Vulnerability in Firefox and Thunderbird
The error page for sites with invalid TLS certificates lacked the activation-delay feature provided by Firefox to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page triggered user clicks at specific locations immediately before...
Astra Linux – Vulnerability in Thunderbird, Firefox
A website could have obscured the full-screen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbi...
Astra Linux – Vulnerability in Thunderbird, Firefox
A website could have obscured the full-screen notification by using the file open dialog. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbird 115.2...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, thereby triggering an assertion failure. The greatest threat of this vulnerability is to system availability...
Astra Linux – Vulnerability in Firefox and Thunderbird
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt. This results in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: kcm: fixed the order of calls to strpinit and cleanup. strpinit is called just a few lines above this csk-skuserdata check. It also initializes strp-work, etc. Therefore, there’s no need to call strpdone to cancel the newly...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free flaw was discovered in the Linux kernel’s NFC core functionality due to a race condition between the creation and deletion of kobjects. This vulnerability allows a local attacker with CAPNETADMIN privileges to leak kernel information...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: cxgb4: Avoid accessing registers when clearing filters. A hardware register that contains the server TID base can contain invalid values when the adapter is in a faulty state for example, due to an AER fatal error. Reading these...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mfd: davincivoicecodec: Fixed a possible nullptrderef issue in davincivcprobe. This issue could lead to a nullptrderef when using ‘res’. If platformgetresource returns NULL, moving using ‘res’ after devmioremapresource will preve...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: fixed information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the newly added packettype by reading the...
Astra Linux – Vulnerability in libjpeg-turbo
Libjpeg-turbo 1.5.2 has a NULL Pointer Dereference issue in files jdpostct.c and jquant1.c, due to a malicious JPEG file...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Blink in Google Chrome prior to version 101.0.4951.41 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially execute a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvtsthermal: Fixed a memory leak in the error handling path. If devmkrealloc fails, then ‘efuse’ is leaking memory. Therefore, it should be freed to avoid the memory leak...
Astra Linux – Vulnerability in netcdf
The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write attacks when opening an XML file after exhausting the memory pool...
Astra Linux - уязвимость в u-boot
A issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfsumountallreply...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommususpend. The iommususpend system call’s suspend callback is invoked with IRQs disabled.allocating memory with the GFPKERNEL flag may re-enable IRQs during the suspend callback, which ca...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cma: Fixed a kmemleak in rdmacore that was observed during the blktests nvme/rdma tests with siw. When running the blktests nvme/rdma tests, the following kmemleak issue will appear: - kmemleak: The kernel memory leak...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: kprobes: The posthandler of aggrprobe is cleared in the case where kprobe-on-ftrace is used. In unregisterkprobetop, if the currently unregistered probe has a posthandler, but other child probes of aggrprobe do not have a...