18102 matches found
Astra Linux – Vulnerability in gmp
The GNU Multiple Precision Arithmetic Arithmetic Library GMP version up to 6.2.1 has an integer overflow issue in the mpz/inpraw.c file, which can lead to a buffer overflow due to malicious input. This results in a segmentation fault on 32-bit platforms...
Astra Linux – Vulnerability in Wireshark
Large loops in multiple protocol dissectors in Wireshark versions 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture files...
Astra Linux – Vulnerability in libgsf
There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...
Astra Linux – Vulnerability in emacs
In Emacs versions before 29.3, LaTeX preview is enabled by default for e-mail attachments...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out-of-bounds access when parsing CPC data If the NumEntries field in the CPC return packet is less than 2, do not attempt to access the “Revision” element of that packet, because it may not be present at that...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed execution with unnecessary privileges. The -oP option is available to the exim user, and it could lead to a denial of service, as files owned by root could be overwritten...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allows exposure of file descriptors to an unintended control sphere, because rdainterpret uses a privileged pipe without the closeonexec flag...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the putweightedbipred16fallback function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow vulnerability in the putepel16fallback function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed execution with unnecessary privileges. Since Exim operates as root in the spool directory owned by a non-root user, an attacker could write to the /var/spool/exim4/input spool header file. A crafted recipient address in that file could indirectly lead to command...
Astra Linux – Vulnerability in f2fs-tools
There is an exploitable information disclosure vulnerability in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel version up to 6.1.9, there is a use-after-free issue in the bigbenremove function within the drivers/hid/hid-bigbenff.c file, caused by a crafted USB device. This issue arises because the LED controllers remain registered for an excessively long period of time...
Astra Linux – Vulnerability in fluidsynth
Fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, which can be triggered when loading an invalid SoundFont file...
Astra Linux – Vulnerability in Chromium
Before version 103.0.5060.53, using the "after free" mechanism in Core in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed execution with unnecessary privileges. Since Exim operates as root in the log directory which is owned by a non-root user, a symlink or hard link attack could allow overwriting of critical root-owned files anywhere in the filesystem...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper neutralization of line delimiters. Local users can alter the behavior of root processes because a recipient address may contain a newline character...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw resides in the processing o...
Astra Linux – Vulnerability in Vim
NULL pointer dereferencing in the GitHub repository for vim/vim before version 8.2.4959...
Astra Linux – Vulnerability in Vim
“Buffer over-reading” in the grabfilename function in the GitHub repository’s Vim/Vim version prior to 8.2.4956. This vulnerability could cause the software to crash, lead to memory modifications, and may allow for remote execution...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a global buffer overflow in the decodeCABACbit function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in f2fs-tools
There is an exploitable code execution vulnerability in the multi-device functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to information overwriting, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allows Heap-based Buffer Overflows because it mishandles the "-F’.‘” syntax on the command line. This may allow privilege escalation from any user to root. This issue occurs due to the incorrect interpretation of negative sizes in the strncpy function...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the mcchroma function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the mcluma function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the ffhevcputunweightedpred8sse function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the putqpel00fallback16 function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in fig2dev
Fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed integer overflow to lead to a buffer overflow in the receiveaddrecipient function, through an email message with fifty million recipients. NOTE: Remote exploitation might be difficult due to resource consumption...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper initialization issue that can lead to recursive stack consumption or other consequences. This occurs because the use of certain getc functions is handled incorrectly when a client uses BDAT instead of DATA...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed Use After Free in smtpreset in certain situations that might be common in builds using OpenSSL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferes t after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory has...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile does not initialize the aiocmd-iocb for the kiwritestream. When the writecommand fdexecuterwaio is executed, we may receive an invalid value for kiwritestream,...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Golang-1.19
Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/TLS clients, as well as servers that have Config.ClientAuth set to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default...
Astra Linux – Vulnerability in SQLite3
A flaw was discovered in SQLite’s SELECT query functionality src/select.c. This flaw allows an attacker who is capable of executing SQL queries locally on the SQLite database to cause a denial of service or potentially lead to code execution by triggering a use-after-free. The most significant...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: appletbkbd: fixed a “slab-use-after-free” bug in appletbkbdprobe. In the probe function appletbkbdprobe, an instance of “struct appletbkbd kbd” is allocated using devmkzalloc to store touch-bar keyboard-related data. Later, ...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Thunderbird, Firefox
By confusing the browser, the fullscreen notification could have been delayed or suppressed, leading to potential user confusion or spoofing attacks. This vulnerability affects Firefox versions earlier than 108...
Astra Linux – Vulnerability in libvirt
A flaw was discovered in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, leading to a race condition and a denial of service when attempting to lock the same object from another thread. This issue could cause clients connecting to the read-only socket ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Failure to set the dormant flag on the hook register We need to set the dormant flag again if we fail to register the hooks. During memory pressure, hook registration may fail, resulting in a table being...
Astra Linux – Vulnerability in hdf5
A vulnerability classified as problematic was discovered in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb in the file src/H5FScache.c. The exploitation of this vulnerability leads to a heap-based buffer overflow. Local access is required to carry out this attack. T...
Astra Linux – Vulnerability in node-cipher-base
There is a vulnerability in improper input validation in the cipher-base module, which allows for manipulation of input data. This issue affects cipher-base version 1.0.4...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in opensc
A vulnerability was discovered in OpenSC. This security flaw causes a buffer overflow vulnerability in the cardoshaveverifyrcpackage function. An attacker can provide a smart card package with malformed ASN1 data. The cardoshaveverifyrcpackage function scans the ASN1 buffer for two tags, but the...
Astra Linux – Vulnerability in Firefox and Thunderbird
If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files are not properly deleted when the window is closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux – Vulnerability in Firefox and Thunderbird
The JIT compiler generated incorrect code for arguments in certain cases. This led to potential use-after-free errors during garbage collection. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
Astra Linux – Vulnerability in Chromium
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 122. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 123...
Astra Linux – Vulnerability in PostgresSQL 11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...