18102 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: usb: smsc75xx: Fixed access to uninitvalue in smsc75xxreadreg syzbot reported the following issues with access to uninitvalue: ===================================================== BUG: KMSAN: uninitvalue in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak caused by LZMA global compressed deduplication. When testing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I discovered that some short-lived temporary...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Avoid crashing when parsing a profile name that is empty. When processing a packed profile in unpackprofile, the string “:samba-dcerpcd” is parsed as a fully qualified name and then passed to aasplitnfqname...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was detected within the smsdecodeaddressfield function during the SMS PDU decoding process. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, ...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue arises from the lack of proper locking when performing operations on an object. An attacker can...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
A use-after-free flaw was discovered in the setupasyncwork function in the KSMBD implementation of the in-kernel Samba server and CIFS services in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed resources...
Astra Linux – Vulnerability in libonig
A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as fetchrangequantifier in regparse.c, PFETCH is called without checking PEND. This leads to a buffer overflow issue based on the heap mechanism...
Astra Linux – Vulnerability in libonig
A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function gb18030mbcenclen in the file gb18030.c, a UChar pointer was dereferenced without checking whether it pointed to the end of the matched string. This resulted in a buffer overflow...
Astra Linux – Vulnerability in Vino
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data. This allows remote attackers to cause a denial of service memory consumption or daemon crash by processing a...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5, and 22.3.1...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in Downloads in Google Chrome prior to version 119.0.6045.105 allowed a remote attacker to obfuscate the security UI through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of after-free in Cast in Google Chrome before version 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoided potential UAF in nvmetreqComplete. The implementation of the nvme target-queueresponse operation may free the request passed as an argument. Such an implementation could potentially lead to a use-after-free of the...
Astra Linux – Vulnerability in Firefox
In a non-standard configuration of Firefox, an integer overflow could have occurred due to network traffic possibly under the influence of a local unprivileged web page, resulting in an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the Linux kernel’s KVM when attempting to set the SynIC IRQ. This issue allows a malfunctioning VMM to write to the SYNIC/STIMER MSRs, leading to a NULL pointer derefrence error. This flaw enables an unprivileged local attacker on the host to issue specific ioctl calls,...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebGPU in Google Chrome prior to version 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Using “after free” in WebRTC Perf in Google Chrome before version 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using "After Free" in the Accessibility settings of Google Chrome allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through those interactions...
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using “after free” in Reader Mode in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In Web packaging using "use after free" in Google Chrome, before version 97.0.4692.99, it was possible for a remote attacker to exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
Failure to correctly record the location of live pointers across wasm instance calls resulted in a garbage collection occurring within the call without tracing those live pointers. This could have led to a use-after-free condition, causing a potentially exploitable crash. This vulnerability affec...
Astra Linux – Vulnerability in Chromium
Before version 96.0.4664.93, using the "after free" mechanism in Google Chrome’s developer tools allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the Linux kernel’s implementation of RDMA over InfiniBand. An attacker with a privileged local account can leak kernel stack information by issuing commands to the /dev/infiniband/rdmacm device node. Although this access is unlikely to reveal sensitive user information, i...
Astra Linux – Vulnerability in Linux, Linux 5.10
A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...
Astra Linux – Vulnerability in unbound
A vulnerability called “Non-Responsive Delegation Attack” NRDelegation Attack has been discovered in various DNS resolution software. The NRDelegation Attack operates by creating a malicious delegation with a significant number of non-responsive name servers. The attack begins by querying a...
Astra Linux – Vulnerability in Chromium
In Blink in Google Chrome prior to version 91.0.4472.77, a remote attacker could bypass the content security policy by using a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux – Vulnerability in SQLite
The osunix.c file in SQLite before version 3.13.0 improperly implements the temporary directory search algorithm. This may allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impacts by leveraging the current working directory...
Astra Linux – Vulnerability in Linux, Linux 5.10
A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...
Astra Linux – Vulnerability in Chromium
Integer overflow in PDF files in Google Chrome prior to version 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Type Confusion in the ServiceWorker API of Google Chrome prior to version 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.1225...
Astra Linux – Vulnerability in Linux 5.10, Linux
A issue was discovered in the Linux kernel, specifically in the nfconntrackirc module. In this case, the message handling mechanism can become confusing, and messages may be matched incorrectly. It is possible for a firewall to be bypassed when users use unencrypted IRC with the nfconntrackirc...
Astra Linux – Vulnerability in gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using BZIP decompression. Integer overflow in the Matroskademux element within the BZIP decompression function can cause a segfault, or it may lead to a heap overwrite, depending on the libc and operating system used. Depending on the libc used an...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 106.0.5249.91, writing out-of-bounds data in V8 with Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fixed the issue with xdprxqinfo after suspend/resume. The following sequence currently causes a driver bug warning when using virtionet: bash ip link set eth0 up echo mem /sys/power/state or e.g. rtcwake -s 10 -m mem i...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fixed the erroneous cleanup order. There is a logical error when removing the rt5645 device. The function rt5645i2cremove first cancels the &rt5645-jackdetectwork and then deletes the &rt5645-btnchecktimer. However,...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Commands from recovery entries are freed after a session is closed. This leads to a use-after-free when the commands are freed, or a NPE Non-Programmable Error can occur with such a call trace: Time2Retain...
Astra Linux – Vulnerability in Parsec
The vulnerability of the pdpl-user utility in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Parsec
The vulnerability of the parselevcat function in the PARSEC security subsystem is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability has been identified in the Linux kernel. It has been declared as problematic. The function “followpagepte” in the file “mm/gup.c” of the component BPF is affected by this vulnerability. This manipulation leads to a race condition. The attack can be launched remotely. It is...
Astra Linux – Vulnerability in Linux 5.10, Linux
The non-transparent sharing of return predictor targets between contexts in some Intel processors may allow an authorized user to potentially enable information disclosure through local access...
Astra Linux – Vulnerability in Parsec
The vulnerability of the getoptions function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 5.10
A issue was discovered in the Linux kernel through version 5.16-rc6. The lkdtmARRAYBOUNDS function in drivers/misc/lkdtm/bugs.c lacks a check for the return value of kmalloc, which can lead to a null pointer derefrence...