18102 matches found
Astra Linux – Vulnerability in libpcap
The sf-pcapng.c file in libpcap before version 1.9.1 does not properly validate the PHB header length before allocating memory...
Astra Linux – Vulnerability in curl
Curl versions 7.21.0 through 7.73.0 are vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...
Astra Linux – Vulnerability in Linux, Linux 5.10
In socksocknested of sock.c, there is a potential exploit after the free function due to a race condition. This could lead to a local escalation of privileges, as the execution privileges required by the system are involved. User interaction is not required for this exploitation. Product: Android...
Astra Linux – Vulnerability in Tiff
In the libtiff 4.3.0 version of tiffcp, an accessible assertion allows attackers to cause a denial-of-service attack through a crafted tiff file. For users who compile libtiff from source code, this fix is available in the commit 5e180045...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the hsofreenetdevice function in drivers/net/usb/hso.c calls unregisternetdev from version 5.13.4 onwards, without checking the NETREGREGISTERED status. This leads to a use-after-free and a double-free...
Astra Linux – Vulnerability in Linux
The net/nfc/llcpsock.c file in the Linux kernel before version 5.12.10 allowed local unprivileged users to cause a denial of service by making a getsockname call after a certain type of failure in a bind call. This vulnerability results in a NULL pointer dereference and other bugs...
Astra Linux – Vulnerability in Linux
A out-of-bounds memory read flaw was discovered in the Qualcomm IPC router protocol within the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, resulting in a system crash or the leakage of internal kernel information. The greatest threat posed ...
Astra Linux – Vulnerability in lxml
A XSS vulnerability was discovered in the clean module of python-lxml’s versions prior to 4.6.3. When the “safe attrsOnly” and “forms” arguments are disabled, the Cleaner class does not remove the “formaction” attribute, allowing JavaScript to bypass the sanitizer. A remote attacker could exploit...
Astra Linux – Vulnerability in OpenLDAP
In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...
Astra Linux – Vulnerability in Linux, BlueZ
In the Bluetooth Core Specification 2.1 through 5.2, Bluetooth LE and BR/EDR secure pairing mechanisms may allow a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflecting the public key and the authentication evidence of...
Astra Linux – Vulnerability in Linux
A issue was discovered in the kernel of NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated with the AP. This could be exploited in Wi-Fi networks to launch denial-of-service attacks against connected clients, and it...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the renesasusb3remove function in drivers/usb/gadget/udc/renesasusb3.c...
Astra Linux – Vulnerability in Golang-1.19
The go command may execute arbitrary code during compilation when using cgo. This can occur when running “go get” on a malicious module, or when running any other command that compiles unauthorized code. This issue can be triggered by linker flags, specified via the cgo LDFLAGS directive. Flags...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A out-of-bounds write vulnerability was discovered in the Linux kernel’s SLIMpro I2C device driver. The userspace variable “data-block0” was not bounded to a value between 0 and 255; instead, it was used as the size for a memcpy operation, potentially leading to data writing beyond the bounds of...
Astra Linux – Vulnerability in Linux, Linux 5.15
When SMT is enabled, certain AMD processors may speculateively execute instructions using a target from the sibling thread after a SMT mode switch, which may potentially lead to information disclosure...
Astra Linux – Vulnerability in libssh2
A vulnerability was discovered in the function libssh2packetadd in libssh2 1.10.0, allowing attackers to access out-of-bound memory...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free software available as a ready-to-run binary distribution or as source code that you can use, copy, modify, and distribute in both open and proprietary applications. In affected versions, Postscript files may be read and written when specifically excluded by a module policy in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x8664 lacks consistency checks for CR0 and CR4...
Astra Linux – Vulnerability in Firefox
An invalid downcast from nsHTMLDocument to nsIContent could result in undefined behavior. This vulnerability affects Firefox versions earlier than 110...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, NSS
An attacker could create a PKCS 12 certificate bundle in a way that allows arbitrary memory writes through the mishandled Safe Bag attributes of PKCS 12. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux – Vulnerability in Wireshark
A memory leak occurs in the NFS dissector in Wireshark versions 4.0.0 to 4.0.2, and 3.6.0 to 3.6.10. This issue may lead to denial of service through packet injection or with specially crafted capture files...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel before version 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allowed an unprivileged user to trigger a denial of service system crash through a crafted traffic control configuration set up using the "tc qdisc" and "tc class" commands. This issue affect...
Astra Linux – Vulnerability in imagemagick
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow vulnerabilities...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability, classified as critical, has been discovered in the Linux kernel. The issue affects the tsttimer function in the drivers/atm/idt77252.c file of the IPsec component. This vulnerability allows for manipulation leading to memory corruption after the function is freed. It is recommend...
Astra Linux – Vulnerability in openjdk-11, bcel
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
Astra Linux – Vulnerability in Wireshark
A crash in the PVFS protocol dissector in Wireshark versions 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved state management. This issue is fixed in tvOS 15.5, iOS 15.5, iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, and Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in TIF format
Multiple heap buffer overflows in the tiffcrop.c utility within the libtiff library version 4.4.0 allow attackers to trigger unsafe or out-of-bounds memory access through a crafted TIFF image file. This could lead to application crashes, potential information disclosure, or other context-dependen...
Astra Linux – Vulnerability in curl
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when sent back to an HTTP server later, may cause the server to return 400 responses. This effectively allows a “sister site” to deny service to all other sibling sites...
Astra Linux – Vulnerability in Vim
Stack-based Buffer Overflow in the GitHub repository for vim/vim before version 9.0.0598...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.0483...
Astra Linux – Vulnerability in Vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404...
Astra Linux – Vulnerability in sudo
In Sudo version 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a non-existent user by executing sudo with a numerical UID that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability, as executing a command via sudo a...
Astra Linux – Vulnerability in Linux, Linux 5.10
There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRVCTLIOCTLELEMREAD|WRITE32 function lacks locks that could be exploited in a use-after-free situation, potentially leading to an escalation of privileges to gain ring0 access from the system user. We...
Astra Linux – Vulnerability in Wireshark
A crash in the CMS protocol dissector in Wireshark versions 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Linux 5.10, Linux
When sending malicious data to the kernel using the ioctl cmd FBIOPUTVSCREENINFO, the kernel will write data beyond the allocated memory boundaries...
Astra Linux – Vulnerability in Vim
NULL pointer dereferencing in the GitHub repository for vim/vim before version 9.0.0224...
Astra Linux – Vulnerability in Firefox and Thunderbird
When resolving a symbolic link such as file:///proc/self/fd/1, an error message may be generated if the symbolic link resolves to a string containing uninitialized memory in the buffer. This bug only affects Thunderbird on Unix-based operating systems Android, Linux, MacOS. Windows is unaffected...
Astra Linux – Vulnerability in Linux 5.10
The Linux kernel before version 5.18.13 lacked a clear mechanism for handling the block starting symbol .bss. This allowed Xen PV guest OS users to cause a denial of service or gain privileges...
Astra Linux – Vulnerability in Linux 5.10, Linux
A memory write vulnerability that is outside the bounds of the system’s protection was discovered in the Linux kernel’s Kid-friendly Wired Controller driver. This vulnerability allows a local user to crash the system or potentially escalate their privileges. The issue lies in the bigbenprobe...
Astra Linux – Vulnerability in HAPProxy
A flaw was discovered in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets, leading to an infinite loop and ultimately causing a denial-of-service condition. The most significant threat from this...
Astra Linux – Vulnerability in Linux 5.10, Linux
When setting a font using malicious data via the ioctl command PIOFONT, the kernel will write memory beyond its bounds...
Astra Linux – Vulnerability in Vim
Use of out-of-range pointer offset in the GitHub repository vim/vim before version 8.2.4418...
Astra Linux – Vulnerability in binutils
A issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after multiple recursive calls...
Astra Linux – Vulnerability in Firefox
The return value from gfx::SourceSurfaceSkia::Map wasn’t verified, which could potentially lead to a null pointer dereferencing. This vulnerability affects Firefox versions less than 110...
Astra Linux – Vulnerability in Chromium
Using “after free” in the libavif library in Google Chrome before version 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption through a crafted image file. Chromium security severity: High...
Astra Linux – Vulnerability in HAPProxy
A vulnerability related to information leaks was discovered in HAProxy versions 2.1, 2.2 before 2.2.27, 2.3, and 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, and 2.7 before 2.7.1. There are 5 bytes that are not initialized in the connection buffer when encoding the FCGIBEGINREQUEST...
Astra Linux – Vulnerability in Heimdal
The fix for CVE-2022-3437 involved changing the memcmp function to run in constant time, as well as providing a workaround for a compiler bug by adding comparisons of the result of memcmp with the value “!= 0”. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer MXF File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...