18102 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed a memory leak when insertoldidx failed. The following process will cause a memory leak for the copied znode: dirtycowznode zn = copyznodec, znode; err = insertoldidxc, zbr-lnum, zbr-offs; if unlikelyerr return...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf/arm-cmn: Rejects unsupported hardware configurations. So far, we have been fairly lenient in accepting both unknown CMN models at least with a warning, as well as unknown revisions of those models that we do know about...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A mechToken leak was fixed when the SPNEGO decoding failed after the token allocation. The kernel’s ASN.1 BER decoder calls action callbacks incrementally as it processes the input. When ksmbddecodenegTokenInit reaches the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock issues When trace-type.bit6 is set: if trace-type.bit6 ... queue = skbgettxqueuedev, skb; qdisc = rcudereferencequeue-qdisc; This code can lead to an out-of-bounds access of the dev-tx array...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrementing rereceiving on early exit paths In cases where rpcrdmapostrecvs fails to create a work request due to memory allocation failures, for example or exits early, we should decrement ep-rereceiving before...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-vntb: Remove duplicate resource teardown The epfntbepcdestroy function duplicates the teardown that the caller is supposed to perform later. This leads to an error when .allowlink fails, or when .droplink i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: The backing store type is set based on the query type. The bnxthwrmfuncbackingstoreqcapsv2 function stores resp-type from the firmware response in ctxm-type. This value is then used to index fixed backing-store metadata...
Astra Linux – Vulnerability in binutils
A vulnerability has been identified in GNU Binutils 2.45. The affected component is the vfinfo function in the file ldmisc.c. Executing certain manipulations may lead to out-of-bounds read vulnerabilities. This attack can only be executed locally. The exploit has been made available to the public...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fixed a possible Use-after-Allocation UAF in snictgtcreate A warning is reported as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warning: &‘tgt-list’ was not removed from the list If the deviceadd function...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchRules, if imafilterruleMatch returns -ENOENT due to the rule being NULL, the function incorrectly skips the if !rc check and sets result = true. The LSM rule is...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. The QuerySet.annotate, aggregate, and extra methods are vulnerable to SQL injection when column aliases are used, through a crafted dictionary with dictionary expansion as part of the kwargs parameters...
Astra Linux – Vulnerability in Python-Django
In Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1, directory traversal is allowed if the filenames are passed to it directly...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ was used. The FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created during file uploads. It was also not applied to intermediate-level static...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Thunderbolt: Fixed a memory leak in margining. The memory associated with usb4-margining needs to be released for the upstream port of the router. This issue also affects the debugfs directory when the router device is removed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration The lrugenmigratemm function assumes that lrugenaddmm runs before it. This assumption is not true in the following scenario: CPU 1 CPU 2 clone cgroupcanfork cgroupprocswrite...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Memory: renesas-rpc-if – fixed the platform-device leak in the error path. Make sure the flash platform device is freed in case registration fails during the probe...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create the ttmresourcemanager entry in debugfs only if necessary. The driver creates /sys/kernel/debug/dri/0/mobttm even when the corresponding ttmresourcemanager is not allocated. This leads to a crash when trying to...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: We’ve fixed our handling of the situation where refs == 0 in the snapshot delete operation. In reada, there’s a bug where refs == 0 can occur. This could be problematic because we don’t hold a lock on the extent leaf, a...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: “fou”: removed the warning in guegroreceive for unsupported protocols. The warning for guegroreceive is removed if the encapsulated type is unknown or does not have a GRO handler. Such packets can be easily constructed. The Syzbo...
Astra Linux – Vulnerability in Python-Django
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the chars and words methods from django.utils.text.Truncator when used with html=True are susceptible to a potential DoS denial of service attack due to certain inputs containing very long, potentially malformed HTML text. The...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac – Check the count value of the channel specification to prevent out-of-bounds reads This patch fixes out-of-bounds reads in brcmfconstructchaninfo and brcmfenablebw402g, which occur when the count value of the...
Astra Linux – Vulnerability in Python-Django
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload was never supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However, Django’...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Added a null pointer check to pszkmsgread. The kasprintf function returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure. Ensure that the allocation was successful by checking...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: fixed a memory leak in cachefilesaddcache The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== Unreferenced object...
Astra Linux – Vulnerability in Python-Django
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uritoiri is susceptible to a potential DoS denial of service attack due to certain inputs containing a very large number of Unicode characters...
Astra Linux – Vulnerability in mongo-c-driver
Some MongoDB drivers may incorrectly publish events containing authentication-related data to a command listener configured by an application. These published events may contain security-sensitive data when specific authentication-related commands are executed. If proper care is not taken, an...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 – fixed the use of memory after it is freed in rmiunregisterfunction. The putdevice function calls rmireleasefunction, which frees the “fn” pointer. Therefore, dereferencing fn-numofirqs in the next line...
Astra Linux – Vulnerability in Python-Django
Django versions prior to 2.2.24, 3.x prior to 3.1.12, and 3.2.x prior to 3.2.4 have a potential issue with directory traversal through django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default...
Astra Linux – Vulnerability in Python-Django
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are vulnerable to a ReDoS regular expression denial of service attack due to a very large number of domain name labels for emails and URLs...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are vulnerable to SQL injection if untrusted data is used as a kind/lookupname value. Applications that restrict the choice of lookup names and kinds to a known safe list are not...
Astra Linux – Vulnerability in Node.js
Node.js versions prior to 16.6.1, 14.17.5, and 12.22.5 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ was used. The intermediate-level directories of the filesystem cache had the system’s standard umask instead of 0o077...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use of the OPTSSET macro in bpfxdpquery When the featureFlags and xdpzcmaxsegs fields were added to the libbpf bpfxdpQueryOpts structure, the code that wrote these fields did not use the OPTSSET macro. This causes libbpf ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: bpf, testrun: Fixed an alignment issue in bpfprogtestrunskb. We encountered a syzkaller issue due to an alignment fault for aarch64 architectures when KFENCE is enabled. When the size provided by the user’s bpf program is an o...
Astra Linux – Vulnerability in libjettison-java
Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to out-of-memory conditions. This vulnerability could potentially allow for...
Astra Linux – Vulnerability in poppler-22, poppler
In Poppler 22.07.0, the PDFDoc::savePageAs function in PDFDoc.c allows attackers to cause a denial-of-service attack the application crashes with SIGABRT by manipulating a PDF file in which the xref data structure is improperly handled during the getCatalog process. Note that this vulnerability i...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Shadow
A vulnerability was discovered in Shadow 4.5. The newgidmap function part of shadow-utils is setuid, allowing an unprivileged user to be placed in a user namespace where setgroups2 is allowed. This enables an attacker to remove themselves from a supplementary group, potentially granting them acce...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed a UAF Use-After-Free vulnerability caused by overwriting offset fields. Binder objects are processed and copied individually into the target buffer during transactions. Any raw data between these objects is also...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Cyclic allocation of msgid to avoid reuse. Reusing the msgid after a maliciously completed reopen request may cause a read request to remain unprocessed, resulting in a hung task, as shown below: t1 | t2 | t3...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the issue where a tainted pointer was deleted instead of the previously created rules when the flow rule creation failed. This issue occurs when the mlx5lagcreateportseltable function fails to create flow rules...
Astra Linux – Vulnerability in Chromium
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the isotprcv function, there is a potential issue where race conditions may occur during CAN frame reception. When receiving a CAN frame, the current code logic does not take into account processes that are not actually runnin...
Astra Linux – Vulnerability in openimageio
There is an information disclosure vulnerability in the IFFOutput channel interleaving functionality of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to the leakage of heap data. An attacker can provide malicious input to trigger th...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A flaw was discovered in the Netfilter subsystem of the Linux kernel. The issue lies with the nftbyteordereval function, where the code iterates through an loop and writes to the dst array. In each iteration, 8 bytes are written, but dst is an array of u32 values; therefore, each element in the...
Astra Linux – Vulnerability in Linux, Linux 5.10
Incomplete cleanup of microarchitectural fill buffers on some Intel processors may allow an authenticated user to potentially enable information disclosure via local access...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix lockup on kernel exec fault The powerpc kernel is not prepared to handle exec faults from the kernel. In particular, the function isexecfault will return ‘false’ when an exec fault is encountered by the kernel,...
Astra Linux – Vulnerability in libjackson-json-java
A deserialization flaw was discovered in the Jackson-Databind library in versions prior to 2.8.10 and 2.9.1. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper class. This issue extends the...