18095 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: AppArmor: Fixed the issue where an unprivileged local user could perform privileged policy management. An unprivileged local user can load, replace, and remove policies by opening the AppArmor interfaces. This can be achieved...
Astra Linux – Vulnerability in WebKit2GTK
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3, and iPadOS 26.3; macOS Tahoe 26.3; and visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux – Vulnerability in WebKit2GTK
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3. A website may be able to track users through Safari web extensions...
Astra Linux – Vulnerability in libpng1.6
LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each act as aliases for a heap-allocated buffer between pngstruct and pnginfo. This buffer shares a...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, the gdisurfacebits function processed SURFACEBITSCOMMAND messages sent by the RDP server. When these commands were processed using NSCodec, the bmp.width and bmp.height values provided by the server were not...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP – Fixed issue where multiple L2CAPECREDCONNREQUESTs were accepted. Currently, the code attempts to accept requests regardless of the command identifier. This can result in multiple requests being marked as pendin...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; tvOS 26.3; visionOS 26.3; and watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Fix: Limit the number of levels of policy namespaces. Currently, the number of policy namespaces is not bounded, relying on the user namespace limit. However, policy namespaces are not strictly tied to user namespaces,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: AppArmor: The recursive approach used for removing profiles has been replaced with an iterative one. The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Processing maliciously crafted web content may cause an unexpected Safari crash...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, the function freerdpbitmapdecompressplanar did not validate the parameters nSrcWidth/nSrcHeight against the values of planar-maxWidth/maxHeight before performing the RLE decompression. A malicious server cou...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2, and iPadOS 18.7.2; iOS 26.2 and iPadOS 26.2; macOS Tahoe 26.2; visionOS 26.2; and watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Uninitialized memory in the Graphics:Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1, and Thunderbird 149.0.1. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1, and Thunderbird 149.0.1. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148, and Thunderbird 148. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Firefox and Thunderbird
Bypass of mitigation mechanisms in the Networking: HTTP component. This vulnerability has been fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...
Astra Linux – Vulnerability in libexif
In libexif versions up to 0.6.25, a integer underflow in size checking for Fuji and Olympus MakerNote decoding could be exploited by attackers to cause programs that use libexif to crash or leak information...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ALSA: mixer: OSS: Add card disconnection checkpointes The ALSA OSS mixer layer calls the kcontrol ops individually. Pending calls might not always be detected when the device is disconnected. To avoid potential UAF...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; and visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Processing maliciously crafted web content may cause an unexpected Safari crash...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: macvlan: A grace period for resource control is observed in the error path of macvlancommonnewlink. Valis reported that a race condition still occurs after our previous patch. macvlancommonnewlink might have made the device...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: AppArmor: A memory leak was fixed in the verifyheader function. The function sets ns = NULL on every call, causing a memory leak for the namespace string allocated in previous iterations when multiple profiles are unpacked. This...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; and visionOS 26.3. A remote attacker may be able to cause a denial-of-service attack...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RSS context deletion logic We need to free the corresponding RSS context VNIC in the framework FW every time an RSS context is deleted in the driver. Commit 667ac333dbb7 added a check to delete the VNIC in the...
Astra Linux – Vulnerability in Python 3.11
The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux – Vulnerability in binutils
A flaw was discovered in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: mm/slab: Added alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be observed: 3959.023862 ------------ Cut here ------------ 3959.023891 alloctag was not...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dcehwseq before dereferencing it. WHAT hws was checked for being null earlier in dce110blankstream, indicating that hws can be null. This check should be performed whenever hws is used. Cherry-picked from...
Astra Linux – Vulnerability in Chromium
Accessing the V8 engine in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: The zero-initialize of the eb.vma array in i915gemdoexecbuffer was corrected. The eb.vma array is initialized with values of 0 when the eb structure is first set up. Specifically, this sets the eb-vmai.vma pointers ...
Astra Linux – Vulnerability in Chromium
The use of “after free” in PDFs in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...