18102 matches found
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc in version 1.9.12. A heap buffer overflow in pspdfpreparepage, located in ps-pdf.cxx, may allow for the execution of arbitrary code and cause a denial of service attack...
Astra Linux – Vulnerability in Xen
Potential speculative code storage bypasses exist in all supported CPU products. Combined with software vulnerabilities related to speculative execution of overwritten instructions, this could lead to incorrect speculation and potentially cause data leakage...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, using free after in WebRTC in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted SCTP packet...
Astra Linux – Vulnerability in SQLite3
SQLite 3.30.1 improperly handles pExpr-y.pTab, as demonstrated in the TKCOLUMN case within sqlite3ExprCodeTarget in expr.c...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations of WebAuthentication in Google Chrome prior to version 96.0.4664.45 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Astra Linux – Vulnerability in WebKit2GTK
Integer overflow has been addressed through improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.52.0, a double-free error can occur in the Vec::fromiter function if the process of freeing the element causes a panic...
Astra Linux – Vulnerability in pillow
In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICNS container. As a result, a memory allocation attempt can be quite large...
Astra Linux – Vulnerability in pillow
In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICO container. As a result, a memory allocation attempt can be quite large...
Astra Linux – Vulnerability in krb5
In kdc/kdcpreauthec.c of the Key Distribution Center KDC in MIT Kerberos 5 also known as krb5, before versions 1.18.4 and 1.19.x, and before version 1.19.2, remote attackers could exploit a vulnerability that led to a NULL pointer dereferencing and a crash of the daemon. This occurs because the...
Astra Linux – Vulnerability in Raptor2
A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon...
Astra Linux – Vulnerability in Qemu
A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to improper handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...
Astra Linux – Vulnerability in node-getobject
A vulnerability in the prototype pollution mechanism in the 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
Astra Linux – Vulnerability in Qemu
In QEMU 5.1.0, the ideatapicmdreplyend variable in hw/ide/atapi.c allows out-of-bounds read access, as the buffer index is not validated...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...
Astra Linux – Vulnerability in DjVuLibre
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by an infinite loop in GBitmap::readrleraw by creating a corrupted image file, which is related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...
Astra Linux – Vulnerability in GraphicsMagick
GraphicsMagick version 1.3.35 has a heap-based buffer overflow in the ReadMNGImage function in the coders/png.c file...
Astra Linux – Vulnerability in Samba
A null pointer dereference flaw was detected in Samba’s Winbind service in versions prior to 4.11.15, before 4.12.9, and before 4.13.1. A local user could exploit this flaw to crash the Winbind service, resulting in a denial of service...
Astra Linux – Vulnerability in Qemu
In QEMU versions up to 5.0.0, an assertion failure can occur during network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could exploit this flaw to terminate the QEMU process on the host, resulting in a denial-of-service condition in...
Astra Linux – Vulnerability in binutils
There is a memory leak issue in the Binary File Descriptor BFD library also known as libbfd within the GNU Binutils 2.34, specifically in the bfdhashlookup function. This issue can lead to a denial of service attack through a specially crafted file...
Astra Linux – Vulnerability in zziplib
The infinite loop in zziplib v0.13.69 allows remote attackers to cause a denial of service by using the return value “zzipfileread” in the function “unzzipcatfile”...
Astra Linux – Vulnerability in PostgresSQL 11
A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It’s not a good idea to append the frag skb to a skb’s fraglist if the fraglist already contains skbs from elsewhere. For example, this frag skb was created by pskbcopy, wher...
Astra Linux – Vulnerability in Chromium
In the Network Config UI of the Google Chrome browser on ChromeOS, incorrect security interfaces existed prior to version 90.0.4430.72. This allowed remote attackers to potentially compromise Wi-Fi connection security through a malicious wireless access point...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 90.0.4430.72, using extensions in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape through a crafted Chrome Extension...
Astra Linux – Vulnerability in Chromium
Using “after free” in Blink in Google Chrome before version 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Using "after free" in Blink in Google Chrome before version 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 88.0.4324.96, using Blink with a "after free" mechanism allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape through a crafted Chrome Extension...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in downloads within Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Extensions in Google Chrome prior to version 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Google Chrome Extension...
Astra Linux – Vulnerability in Chromium
Before version 89.0.4389.72, using free after in WebRTC in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in node-hosted-git-info
Packages that use hosted-git-info before version 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS attacks due to the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expressions have a polynomial worst-case time complexity...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free exists in the drivers/tee/teeshm.c file within the TEE subsystem of the Linux kernel, as of version 5.15.11. This issue arises due to a race condition during the teeshmgetfromid function, when attempting to free a shared memory object...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved bounds checks. This issue has been fixed in tvOS 15.6, watchOS 8.7, iOS 15.6, and iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd-result only when scmnd is not NULL. This change fixes the following kernel NULL pointer dereference, which is occasionally reproduced by blktests srp/007. Bug: Kernel NULL pointer dereference, address:...
Astra Linux – Vulnerability in Linux 5.10, Linux
The mm/rmap.c file in the Linux kernel before version 5.19.7 contains a use-after-free issue related to the double reuse of the leaf anonvma structure...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Video: fbdev: smscufx: Fixed null-ptr-deref in ufxusbprobe I received a report of a null-ptr-deref issue: Bug: NULL pointer dereferencing in the kernel; address: 0000000000000000 … RIP: 0010:fbDestroyModelist+0x38/0x100 … Call...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel before version 4.8, the usbparseendpoint function in drivers/usb/core/config.c did not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...
Astra Linux – Vulnerability in unbound
Unbound before version 1.9.5 allows for an integer overflow in the regional allocator through regionalalloc. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rt4801: Fixed a NULL pointer dereferencing issue when priv-enablegpios is NULL. devmgpiodgetarrayoptional may return NULL if no GPIO was assigned...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail out from dwc3gadgetexit if dwc-gadget is NULL. There exists a possible scenario in which dwc3gadgetinit may fail: during the switch between peripheral and host modes in dwc3setmode, and if a pending gadget...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: i2c: Fixed a potential use after free The adap structure should only be freed after we have finished using it. This patch simply moves the putdevice function slightly to avoid the potential issue after freeing the structure. wsa:...
Astra Linux – Vulnerability in Linux 5.10
The checkaluop function in kernel/bpf/verifier.c in the Linux kernel, as of v5.16-rc5, did not properly update the bounds when handling the mov32 instruction. This issue allows local users to obtain potentially sensitive address information, also known as a “pointer leak.”...
Astra Linux – Vulnerability in edk2
The example of an encrypted private key in EDK2, located in the IpSecDxe.efi, may pose potential security risks...
Astra Linux – Vulnerability in GhostScript
A heap-based buffer overwrite vulnerability was discovered in the lp8000printpage function of GhostScript, located in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a specially crafted PDF file, triggering a heap buffer overflow that could lead to memory corruption...
Astra Linux – Vulnerability in WebKit2GTK
An information disclosure issue was resolved by removing the vulnerable code. This issue has been fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari’s private browsing mode...