18102 matches found
Astra Linux – Vulnerability in SQLite3
The ext/fts3/fts3.c file in SQLite before version 3.32.0 contains a use-after-free in the fts3EvalNextRow function, which is related to the snippet feature...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not erase the value of ret in btrfsvalidatesuper. Commit 2a9bb78cfd36 “btrfs: validate the system chunk array in btrfsvalidatesuper” introduces a call to validatesyschunkarray in btrfsvalidatesuper, which erases the val...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: usb:dwc2: Fixed a memory leak in dwc2hcdinit. usbcreatehcd will allocate memory for hcd, and we should call usbputhcd to free that memory when platformgetresource fails—this prevents the memory leak. The code has been modified to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix for suspend/resume behavior. Disabling the cache in commit 2ff4ba9e3702 “clk: rs9: Fix for I2C accessors” without removing cache synchronization in the resume path results in a kernel panic, as map-cacheops is unset...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/drv: Fixed a potential memory leak in drmdevinit. drmdevinit will add drmdevinitrelease as a callback. When drmmaddaction fails, the release function will not be added. As a result, the refcnt added by deviceget in...
Astra Linux – Vulnerability in WebKit2GTK
In WebKitGTK up to 2.36.0 and WPE WebKit, there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: moxart: fixed potential use-after-free when removing a path. It was reported that the mmc host structure could be accessed after it was freed in moxartremove. Therefore, this issue was addressed by saving the base register of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fixed the logic for MLX5LAGFLAGNDEVSREADY Set MLX5LAGFLAGNDEVSREADY only if both devices are registered. This ensures that both ldev-pfMLX5LAGP0.dev and ldev-pfMLX5LAGP1.dev have valid pointers when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the issue where the timer for starting a call race against the destruction of the call occurred. The rxrpccall structure contains a timer used to handle various timed events related to a call. This timer can be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: tee: amdtee: fixed an issue where ISERR returned NULL instead of an error pointer. The getfreepages function does not return error pointers; it returns NULL instead. Therefore, this condition needs to be corrected to avoid NUL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fixed UAF in ep93xxclkregistergate arch/arm/mach-ep93xx/clock.c:154:2: Warning: Use of memory after it is freed clang-analyzer-unix.Malloc arch/arm/mach-ep93xx/clock.c:151:2: Note: Taking a true branch if ISERRclk ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: fbdev: smscufx: Fixed several use-after-free bugs. Multiple types of UAFs Use-After-Free errors can occur when physically removing a USB device. The function ufxopsdestroy has been added to the .fbdestroy of the fbops structur...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.9 and earlier contains a use-after-free issue due to the Binarystring::freebuffer function at the /sql/sqlstring.h component...
Astra Linux – Vulnerability in Linux 5.15
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: The pointer used to track HVS FIFO operations was cleared after the operation was completed. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait for previous FIFO users before committing” introduced a mechanism for waiting for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set ubuf-sg = NULL if the creation of the sg table fails. When the user space attempts to map the dmabuf, and for some reason e.g., OOM, the creation of the sg table fails, ubuf-sg needs to be set to NULL. Otherwise, whe...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.11 contains a heap buffer overflow issue, due to the use of the derivecollocatedmotionvectors function in the motion.cc file...
Astra Linux – Vulnerability in mbedtls
Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net, neigh module, do not trigger immediate probes on NUDFAILED from neighmanagedwork. The syzkaller was able to trigger a deadlock for NTFMANAGED entries: - kworker/0:16/14617 is trying to acquire a lock: fffffffff8d4dd37...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: The FPU state is invalidated after a failed XRSTOR operation from a user buffer. Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with PF, but they have nonetheless changed the state of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: acomp – Fixed CFI failures due to type punning. To avoid crashes when control flow integrity is enabled, ensure that the workspace “stream” uses a consistent type for function calls, and invoke functions through a functio...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RSS context deletion logic We need to free the corresponding RSS context VNIC in the framework FW every time an RSS context is deleted in the driver. Commit 667ac333dbb7 added a check to delete the VNIC in the...
Astra Linux – Vulnerability in gpac
A vulnerability was discovered in GPAC version 2.4. It has been rated as problematic. The affected function is gfdashdownloadinitsegment in the file src/mediatools/dashclient.c. Manipulating the baseiniturl argument leads to a null pointer dereference. This attack can be launched remotely. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Split the initial and dynamic conditions for extentcache. We need to allocate the extentcache tree without dynamic conditions to avoid a panic caused by a missing condition as described below. Create a file with a...
Astra Linux - уязвимость в tomcat9
There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, and from 9.0.0.M1 to 9.0.117. Older, unsupported versions may also be affected. It is...
Astra Linux - уязвимость в tomcat9
There is a vulnerability related to improper input validation in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, and 10.0.0-M1 through 10.0.27. Older, end-of-support versions may also be affected...
Astra Linux – Vulnerability in Qemu
QEMU 5.0.0 has a heap-based Buffer Overflow in the flatviewreadcontinue function in exec.c, as hw/sd/sdhci.c improperly handles a write operation in the SDHCBLKSIZE case...
Astra Linux - уязвимость в tomcat9
CLIENTCERT authentication does not fail as expected in some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: versions from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, and from 9.0.92 through 9.0.116. Users are recommended to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup of the mana struct after debugfsremove When hibernation is triggered on a MANA VM, as part of hibernatesnapshot, managdsuspend and managdresume are called. If a failure occurs during managdresume related to HWC...
Astra Linux – Vulnerability in libconvert-asn1-perl
Perl-Convert-ASN1 also known as the Convert::ASN1 module for Perl up to version 0.27 allowed remote attackers to create an infinite loop due to unexpected inputs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pmdomain: arm: Fixed NULL dereference upon removal of scmiperfdomain When the scmiperfdomain module was unloaded, a segmentation fault occurred. In the test system provided to the system under test, the power-domain-cells...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘tty: ngsm: fix UAF in gsmcleanupmux’” This reversion involves commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The above commit was reverted because it did not solve the original issue. The function gsmcleanupmux attempt...
Astra Linux – Vulnerability in Node.js
Node.js versions prior to 16.6.1, 14.17.5, and 12.22.5 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Buffer size aligned upwards. The hardware can support any image size, WxH, with arbitrary values for W image width and H image height. The buffer size is aligned upwards for both the encoder and the decoder, whil...
Astra Linux – Vulnerability in node-y18n
The package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streamin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: Set UXN on swapper page tables This issue was accidentally fixed upstream via c3cee924bd85 "arm64: head: cover the entire kernel image in the initial ID map", as part of a major refactoring of the arm64 boot process. This...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the mech token during session setup. If a client sends an invalid mech token in a session setup request, ksmbd validates it and reports an error if the token is invalid...
Astra Linux – Vulnerability in ffmpeg5
The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through the libavfilter/avfshowspectrum.c:1789:52 component in showspectrumpicrequestframe...
Astra Linux – Vulnerability in Yard
Path traversal is possible before version 0.9.20...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: hi846: Fixed a memory leak in hi846initcontrols The hi846initcontrols function does not clean up the allocated ctrlhdlr resources in case of a failure, which leads to a memory leak. Added v4l2ctrlhandlerfree to properly fr...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, Safari 16.6, iOS 15.8.7, and iPadOS 15.8. Processing maliciously crafted web content may lead to memory corruption...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: selinux: Added a boundary check in putentry Just like nextentry, a boundary check is necessary to prevent memory access out of bounds...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/namespace: The reference leak in grabrequestedmntns has been fixed. lookupmntns already takes a reference to mntns. grabrequestedmntns does not need to take an additional reference...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Avoid referencing uninitialized memory in ath9kwmictrlrx. For the same reasons described in commit b383e8abed41 “Wifi: ath9k – Avoid uninitialized memory reading in ath9khtcrxmsg”, ath9khtcrxmsg should validate the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The hooks related to netdev are always released after the notifier is removed. This resolves the issue where, when a veth device is released, the veth release callback also queues the peer netns device for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: Fixed a deadlock issue when externellb and reset are executed together. When externellb and reset are executed together, a deadlock may occur: 3147.217009 INFO: Task kworker/u321:0:7 was blocked for more than 120...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: Fixed a block leak of the percpu counter on the error path when creating new netns. This issue occurs at the stack location where the percpu counter block is allocated: +- ip6tregistertable +- translatetable...