18102 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: usb: smsc75xx: Fixed access to uninitvalue in smsc75xxreadreg syzbot reported the following issues with access to uninitvalue: ===================================================== BUG: KMSAN: uninitvalue in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak caused by LZMA global compressed deduplication. When testing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I discovered that some short-lived temporary...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Avoid crashing when parsing a profile name that is empty. When processing a packed profile in unpackprofile, the string “:samba-dcerpcd” is parsed as a fully qualified name and then passed to aasplitnfqname...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
A use-after-free flaw was discovered in the setupasyncwork function in the KSMBD implementation of the in-kernel Samba server and CIFS services in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed resources...
Astra Linux – Vulnerability in libonig
A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as fetchrangequantifier in regparse.c, PFETCH is called without checking PEND. This leads to a buffer overflow issue based on the heap mechanism...
Astra Linux – Vulnerability in libonig
A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function gb18030mbcenclen in the file gb18030.c, a UChar pointer was dereferenced without checking whether it pointed to the end of the matched string. This resulted in a buffer overflow...
Astra Linux – Vulnerability in Vino
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data. This allows remote attackers to cause a denial of service memory consumption or daemon crash by processing a...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5, and 22.3.1...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in Downloads in Google Chrome prior to version 119.0.6045.105 allowed a remote attacker to obfuscate the security UI through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoided potential UAF in nvmetreqComplete. The implementation of the nvme target-queueresponse operation may free the request passed as an argument. Such an implementation could potentially lead to a use-after-free of the...
Astra Linux – Vulnerability in Firefox
In a non-standard configuration of Firefox, an integer overflow could have occurred due to network traffic possibly under the influence of a local unprivileged web page, resulting in an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebGPU in Google Chrome prior to version 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Using “after free” in WebRTC Perf in Google Chrome before version 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using "After Free" in the Accessibility settings of Google Chrome allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through those interactions...
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using “after free” in Reader Mode in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
Failure to correctly record the location of live pointers across wasm instance calls resulted in a garbage collection occurring within the call without tracing those live pointers. This could have led to a use-after-free condition, causing a potentially exploitable crash. This vulnerability affec...
Astra Linux – Vulnerability in Chromium
Before version 96.0.4664.93, using the "after free" mechanism in Google Chrome’s developer tools allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the Linux kernel’s implementation of RDMA over InfiniBand. An attacker with a privileged local account can leak kernel stack information by issuing commands to the /dev/infiniband/rdmacm device node. Although this access is unlikely to reveal sensitive user information, i...
Astra Linux – Vulnerability in Linux, Linux 5.10
A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...
Astra Linux – Vulnerability in unbound
A vulnerability called “Non-Responsive Delegation Attack” NRDelegation Attack has been discovered in various DNS resolution software. The NRDelegation Attack operates by creating a malicious delegation with a significant number of non-responsive name servers. The attack begins by querying a...
Astra Linux – Vulnerability in SQLite
The osunix.c file in SQLite before version 3.13.0 improperly implements the temporary directory search algorithm. This may allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impacts by leveraging the current working directory...
Astra Linux – Vulnerability in Linux, Linux 5.10
A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...
Astra Linux – Vulnerability in Chromium
Integer overflow in PDF files in Google Chrome prior to version 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.1225...
Astra Linux – Vulnerability in Linux 5.10, Linux
A issue was discovered in the Linux kernel, specifically in the nfconntrackirc module. In this case, the message handling mechanism can become confusing, and messages may be matched incorrectly. It is possible for a firewall to be bypassed when users use unencrypted IRC with the nfconntrackirc...
Astra Linux – Vulnerability in gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using BZIP decompression. Integer overflow in the Matroskademux element within the BZIP decompression function can cause a segfault, or it may lead to a heap overwrite, depending on the libc and operating system used. Depending on the libc used an...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 106.0.5249.91, writing out-of-bounds data in V8 with Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fixed the issue with xdprxqinfo after suspend/resume. The following sequence currently causes a driver bug warning when using virtionet: bash ip link set eth0 up echo mem /sys/power/state or e.g. rtcwake -s 10 -m mem i...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Commands from recovery entries are freed after a session is closed. This leads to a use-after-free when the commands are freed, or a NPE Non-Programmable Error can occur with such a call trace: Time2Retain...
Astra Linux – Vulnerability in Parsec
The vulnerability of the pdpl-user utility in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Parsec
The vulnerability of the parselevcat function in the PARSEC security subsystem is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability has been identified in the Linux kernel. It has been declared as problematic. The function “followpagepte” in the file “mm/gup.c” of the component BPF is affected by this vulnerability. This manipulation leads to a race condition. The attack can be launched remotely. It is...
Astra Linux – Vulnerability in Linux 5.10, Linux
The non-transparent sharing of return predictor targets between contexts in some Intel processors may allow an authorized user to potentially enable information disclosure through local access...
Astra Linux – Vulnerability in Parsec
The vulnerability of the getoptions function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 5.10
A issue was discovered in the Linux kernel through version 5.16-rc6. The lkdtmARRAYBOUNDS function in drivers/misc/lkdtm/bugs.c lacks a check for the return value of kmalloc, which can lead to a null pointer derefrence...
Astra Linux – Vulnerability in Git
Git, a version control system, is vulnerable to path traversal before versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By providing a crafted input to git apply, it is possible to overwrite paths outside of the working tree, as long as the user running...
Astra Linux – Vulnerability in libxpm
A flaw was discovered in libXpm. When processing files with the .Z or .gz extensions, the library calls external programs to compress and uncompress files. This process relies on the PATH environment variable to locate these programs. This vulnerability could allow a malicious user to execute oth...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2.4436...
Astra Linux – Vulnerability in Linux 5.10
There is a flaw in the Linux kernel’s handling of new TCP connections. The issue arises due to the lack of memory release after the effective lifetime of these connections. This vulnerability allows an unauthenticated attacker to create a denial-of-service condition on the system...
Astra Linux – Vulnerability in gst-plugins-base1.0
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...
Astra Linux – Vulnerability in OVN
A flaw was discovered in Open Virtual Network, where the service monitor MAC does not properly implement rate limiting. This issue could allow an attacker to cause a denial of service, even in deployments with CoPP enabled and properly configured...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebRTC in Google Chrome prior to version 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox
A use-after-free could occur if a JavaScript realm was being initialized when a garbage collection started. This vulnerability affects Firefox versions earlier than 125...
Astra Linux – Vulnerability in Chromium
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/vc4: Do not check if plane-state-fb == state-fb Currently, when using non-blocking commits, the following kernel warnings can be observed: 110.908514 ------------ Cut here ------------ 110.908529 refcountt: Underflow; Use...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fixed some memory leaks in lbsallocatecmdbuffer. In the lbsallocatecmdbuffer function, if the allocation of cmdarrayi.cmdbuf fails, both cmdarray and cmdarrayi.cmdbuf need to be freed. Otherwise, memory leaks will...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channel bits when all channels are found. If a USB audio device sets more bits than the number of channels it supports, it may write data outside of the map array...