18102 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf The current code produces a warning when the total number of characters in the constituent block device names, plus the slashes, exceeds 200. snprintf returns the number of characters generated...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – A memory leak occurred due to multiple rxstats allocations. rxstats for each arsta is allocated when a station is added. arsta-rxstats will be freed when a station is removed. Redundant allocations occur when the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a NULL pointer dereferencing issue in smb2getinfofilesystem. If share is provided, share-path will be NULL, which can lead to a NULL pointer dereferencing issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Sysv: Do not call sbbread with pointerlock held. syzbot reports sleep in atomic context in the SysV filesystem 1. For sbbread, the function is called with rwspinlock held. A bug involving a “deadlock due to...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed an array-index-out-of-bounds issue in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 Index -878706688 is out of range for the type 'struct iagctl128' CPU: 1 PID: 5065 Comm:...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been resolved through improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8, and iPadOS 15.7.8; tvOS 16.6, iOS 16.6, and iPadOS 16.6; macOS Ventura 13.5. It is possible for websites to potentially access sensitive user information...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: mt7996: Fixed possible OOB access in mt7996tx. There is a possibility of Out-of-Boundary access in the mt7996tx routine if linkid is set to IEEE80211LINKUNSPECIFIED...
Astra Linux – Vulnerability in openimageio
A buffer overflow vulnerability exists in OpenImageIO oiio v.2.4.12.0, allowing a remote attacker to execute arbitrary code and cause a denial of service through the readsubimagedata function...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: rcv: move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from the kernel image mapping. The regions arrays need to be “reallocated” from memblock and accessed through linear mapping to...
Astra Linux – Vulnerability in libcommons-fileupload-java, tomcat9
The allocation of resources for multipart headers with insufficient limits enabled created a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: versions from 1.0 before 1.6, and from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to version 1...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the issue where “r10bio-remaining” was leaked for recovery purposes. raid10syncrequest will add “r10bio-remaining” for both rdev and replacement rdev. However, if the read I/O fails, recoveryrequestwrite returns...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: gve: Implement gettimex64 with -EOPNOTSUPP. At this time, gve has implemented a ptpclock that exclusively uses doAuxWork. ptpClockgettime and ptpSysoffset assume that every ptpclock has implemented either gettimex64 or...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fixed an issue with error unwinding of XDP initialization. When initializing XDP in virtnetopen, some rq xdp initializations may encounter errors, resulting in failed network device openings. However, previous rqs have...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fixed a possible memory leak in the probe function by removing the data-dreadytrig condition. When the ACPI type is ACPISMO8500, data-dreadytrig will not be set, and the memory allocated by...
Astra Linux – Vulnerability in libcaca
A flaw was discovered in libcaca. A buffer overflow in the export.c file, specifically in the exporttroff function, may lead to memory corruption and other potential issues...
Astra Linux – Vulnerability in nss
NSS has demonstrated timing differences during the execution of DSA signatures, which can be exploited and may eventually lead to the leakage of private keys. This vulnerability affects Thunderbird versions 68.9.0, Firefox versions 77, and Firefox ESR versions 68.9...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: afs: Fixed page leak There is a loop in afaxtendwriteback that adds extra pages to the write operation. We want to improve the efficiency of this write-back process by making the write operation larger. However, this loop stops i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: SELinux: The use of both GFPKERNEL and GFPATOMIC in convertcontext was enabled. The following warning was triggered in a hardware environment: SELinux: Converting 162 SID table entries... BUG: The sleeping function was called...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: afs: Fixed the delayed allocation of a cell’s anonymous key. The allocation of a cell’s anonymous key is performed in a background thread, along with other cell-related operations such as making DNS calls. In the reported bug, th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: Do not clobber swpentryt during THP split. The following issue was observed when running stress mmap since the commit b653db77350c: “mm: Clear page-private when splitting or migrating a page.” Watchdog: BUG: Soft...
Astra Linux – Vulnerability in Firefox and Thunderbird
Due to a sequence of events controlled by the attacker, a JavaScript alert dialog with arbitrary although unstyled contents could be displayed over an uncontrolled web page of the attacker’s choice. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Astra Linux – Vulnerability in Firefox and Thunderbird
By misusing a race in our notification code, an attacker could have forcibly hide notifications for pages that had received full-screen and pointer-lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fixed a race condition in nfslocalopenfh. Once the clp-cluuid.lock is dropped, another CPU may come in and free the struct nfsdfile that was just added. To prevent this from happening, take the RCU read lock before...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox URL bar via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, using Tab Strip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb – fixed a reference leak when pmruntimegetsync fails. The PM reference count is not expected to be incremented upon a return from the functions imgi2cxfer and imgi2cinit. However, pmruntimegetsync will still incremen...
Astra Linux – Vulnerability in Linux 5.10, Linux
An incorrect read request flaw was detected in the Infrared Transceiver USB driver within the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could exploit this flaw to deplete system resources, resulting in a denial of service or potentially causing the...
Astra Linux – Vulnerability in Linux 5.10
A issue was discovered in the Linux kernel through version 5.16-rc6. In the file mtkvcodecfwvpuinit located in drivers/media/platform/mtk-vcodec/mtkvcodecfwvpu.c, there is a lack of check for the return value of devmkzalloc. This could lead to a null pointer dereferencing...
Astra Linux – Vulnerability in Chromium
Before version 104.0.5112.79, using "use after free" in the Input component in Google Chrome on the Chrome OS allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through those interactions...
Astra Linux – Vulnerability in Chromium
Before version 100.0.4896.88, using tab groups in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of "after free" in Blink in Google Chrome before version 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof the security UI through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in cups
The vulnerability of the cupsSNMPStringToOID function in the CUPS printing server is related to the escape from the global buffer. Exploiting this vulnerability allows an attacker to access confidential data and also cause service failures...
Astra Linux – Vulnerability in Chromium
Using “after free” in Blink in Google Chrome before version 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A flaw was discovered in KVM. When calling the KVMGETDEBUGREGS ioctl on 32-bit systems, there might be uninitialized portions of the kvm Debugregs structure that could be copied into user space, resulting in an information leak...
Astra Linux – Vulnerability in Chromium
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. Chromium security severity: Medium...
Astra Linux – Vulnerability in Parsec
The vulnerability of the seqempty function in the PARSEC security subsystem is related to the assignment of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of after-free in Swiftshader in Google Chrome before version 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in glib2.0
A issue was discovered in GNOME GLib before version 2.78.5, and also in versions 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added a check for kmemdup. Since kmemdup may return a NULL pointer, it would be better to add a check on the return value to avoid dereferencing a NULL pointer...
Astra Linux – Vulnerability in Zabbix
A authenticated user can create a link containing reflected JavaScript code on its own pages and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: croseccodec: Fixed a refcount leak in croseccodecplatformprobe. The ofparsephandle function returns a node pointer with a refcount incremented; we should use ofnodeput on it when there is no longer a need for it. Add the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fixed a deadlock that occurred when hugetlboptimizevmemmap was enabled. When I performed hard offline tests with hugetlb pages, a deadlock occurred as follows:...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed issues where data was not being charged when msg-sg.size contained more data. In tcpbpfsendverdict: If msg-sg.size contains more data after tcpbpfsendmsgredir: c tcpbpfsendverdict tosend = msg-sg.size...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.114, using "use after free" in WebGL in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Python 3.7, Python 2.7
A issue in the urllib.parse component of Python prior to version 3.11.4 allows attackers to bypass blocklisting methods by providing a URL that starts with blank characters...
Astra Linux – Vulnerability in NTP
In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, ntpd allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address. This occurs because transmissions are rescheduled even when a packet lacks a valid origin timestamp...
Astra Linux – Vulnerability in Samba
A flaw was discovered in the way Samba handles file/directory metadata. This flaw allows an authenticated attacker with appropriate permissions to read or modify share metadata, and to perform this operation outside of the share...