18102 matches found
Astra Linux – Vulnerability in Thunderbird, Firefox
Navigation was allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Astra Linux – Vulnerability in xorg-server, xwayland
A use-after-free flaw was identified in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, modifying the trigger values as required. Eventually, the SyncInitTrigger function is called. If one of these changes causes an error, the function...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: iio: adc: menz188adc: Fixed a resource leak in the error handling path. If iiodeviceregister fails, a previous ioremap call remains unbalanced. The error handling path has been updated, and the missing iounmap call has been added...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: quota: fixed the loop condition in f2fsquotasync The parameter cnt should be passed to sbhasquotaactive, rather than type, to correctly check the active quota. Moreover, when the type is -1, the compiler, with sufficient...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6, and iPadOS 15.6, as well as macOS Monterey 12.5. Visiting a website that contains malicious content may lead to UI spoofing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Makes bpfrefcountacquire failable for non-owning references This patch fixes an incorrect assumption made in the original bpfrefcount series 0. Specifically, it assumes that the BPF program calling bpfrefcountacquire on a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: sfc: fixed the issue where all channels had TX queues. Normally, all channels have both RX and TX queues. However, this is not true when modparam efxseparatetxchannels=1 is used. In such cases, some channels only have RX queue...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: do not leak PM reference in the error path. If gpminfcapplytimings fails, the PM runtime usage counter must be dropped...
Astra Linux – Vulnerability in Firefox and Thunderbird
During operations on MessageTasks, a task may be removed while it is still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.15, Thunderbird 91.2, Firefox ESR 91.2, Firefox ESR 78.15, and Firefox 93...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed a memory leak in the mes self test. The fences associated with the mes queue must be freed during amdgpuringfini...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: soc: bcm: Check for a NULL return from devmkzalloc. As a potential failure during allocation, devmkzalloc may return NULL. Then, pd-pmb and the subsequent lines of code may lead to a null pointer dereferencing. Therefore, it is...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Ring-buffer: Fixed a race condition between readers and resize checks. The reader code in rbgetreaderpage swaps a new reader page into the ring buffer by using cmpxchg on old-list.prev-next to point it to the new page. After that...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: The DMA buffer should be released to avoid memory leaks. When attaching to a domain, the driver allocates a DMA buffer, which is used to store the address mapping table. This buffer must be released when the IOMMU...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fixed dtlaccesslock to use a rwsemaphore. The dtlaccesslock needs to be a rwsemaphore, a sleeping lock, because the code calls kmalloc while holding this lock, which can cause a sleep condition. bash echo 1...
Astra Linux – Vulnerability in node-tar
The npm package “tar” also known as node-tar in versions prior to 4.4.16, 5.0.8, and 6.1.7 has vulnerabilities related to arbitrary file creation/overwriting and arbitrary code execution. node-tar aims to ensure that any file whose location would be modified by a symbolic link is not extracted...
Astra Linux – Vulnerability in binutils
A vulnerability was discovered in cp-demangle.c of GNU libiberty, as part of GNU Binutils 2.31. There is a stack consumption vulnerability caused by infinite recursion in the functions nextistypequal and cplusdemangletype in cp-demangle.c. Remote attackers could exploit this vulnerability to caus...
Astra Linux – Vulnerability in Pandoc
Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file-write vulnerability. This vulnerability could be exploited by including a...
Astra Linux – Vulnerability in Firefox
The incorrect domain might have been displayed in the address bar during a interrupted navigation attempt. This could have caused confusion for users and potentially led to spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcpwritetimerhandler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been addressed through improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2, and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may allow bypass of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: CFI: Fixed the use of cfislowpathdiag with cpuidle. The use of RCUNONIDLE during cfislowpathdiag can result in an invalid RCU state in the cpuidle code path. WARNING: CPU: 1, PID: 0, at kernel/rcu/tree.c:613, rcueqsenter+0xe4/0x1...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfszoneactivate The btrfs CI reported a lockdep warning as follows when running generic/129. WARNING: A circular locking dependency was detected. 6.7.0-rc5+ 1 Not tainted...
Astra Linux – Vulnerability in pgpool2
The Pgpool-II provided by PgPool Global Development Group contains a authentication bypass vulnerability as a primary weakness. If this vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check that the endpoint is valid before dereferencing it. When the host controller is not responding, all URBs queued to all endpoints need to be terminated. This can cause a kernel panic if we attempt to dereference a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libfs: Fix for getstasheddentry The getstasheddentry function attempts to retrieve a stashed dentry from a specified location in a optimistic manner. It needs to ensure that it holds a rcu lock before dereferencing the stashed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: Buffer: Fixed error handling related to files in IIOBUFFERGETFDIOCTL. If we fail to copy the newly created file descriptor to userland, we try to clean it up by returning the ‘fd’ and freeing the ‘ib’. The code uses...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Potential use-after-free issues have been avoided in hcierrorreset. When handling the HCIEVHARDWAREERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism will free the hcidev, leading ...
Astra Linux – Vulnerability in node-cookiejar
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS attacks through the Cookie.parse function, which uses an insecure regular expression...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fixed the Rx DMA data size and skboverpanic issue. The function managetrxbufcfg aligns the DMA data size of the RX buffer to be a multiple of 64. As a result, a packet slightly larger than mtu+14, for example, 1536...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: x86/fpu: Keep xfdstate synchronized with MSRIA32XFD The commits 672365477ae8 "x86/fpu: Update XFD state where required" and 8bf26758ca96 "x86/fpu: Add XFD state to fpstate" introduced a per-CPU variable xfdstate to keep the...
Astra Linux – Vulnerability in imagemagick
In the functions CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all part of /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations that were used with the floor function. These calculations resulted ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Added sanity checks for the validity of rdev. There is a possibility that callbacks for ulpirqstop and ulpirqstart will be called when the device is in a detached state. This could lead to a crash due to NULL pointer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: A memory leak was fixed in loadelfbinary. There is also a memory leak reported by kmemleak: Unreferenced object: 0xffff88817104ef80 size: 224 Reported by comm "xfsadmin", pid 47165, jiffies: 4298708825 age: 1333.476...
Astra Linux – Vulnerability in libvpx
In libvpx version VP9 before 1.13.1, handling of widths is incorrect, resulting in a crash related to encoding...
Astra Linux – Vulnerability in libsdl1.2, libsdl2
The SDL Simple DirectMediaLayer version from 1.2.15 to 2.0.9, as well as 2.x versions up to 2.0.9, has a heap-based buffer over-read issue in the Blit1to4 function within the video/SDLblit1.c file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: corrected incorrect kunmap when using LZMA on HIGHMEM platforms As shown in the call trace, the root cause is incorrect pages handled by kunmap: BUG: Kernel NULL pointer dereferencing, address: 00000000 CPU: 1 PID: 40 Comm...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid dereferencing the fcport pointer. Klocwork reported a warning that a NULL pointer might be dereferenced. The routine exits when saCTL is NULL and fcport is allocated after the exit call. This causes the NULL...
Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/bridge: sii902x: Fixed the probing race issue A null pointer dereference crash has been observed rarely on TI platforms using the sii9022 bridge: 53.271356 sii902xgetedid+0x34/0x70 sii902x 53.276066...
Astra Linux – Vulnerability in TeXeVe-Bin
OpenDetex 2.8.5 has a Buffer Overflow issue in TexOpen, specifically in detex.l, due to an incorrect sprintf operation...
Astra Linux – Vulnerability in CGal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in Nef2/PMio parser.h, specifically in the PMio parser::readvertex function. OOB read vulnerabilities exist as well. An attacker can provide malicio...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fixed a data race around the sysctltcpfwmarkaccept function. When reading sysctltcpfwmarkaccept, it can be changed concurrently. Therefore, we need to add a READONCE call to its reader function...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxparseblockgrouporsimpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer sub...
Astra Linux – Vulnerability in node-loader-utils
A prototype pollution vulnerability exists in the parseQuery function in parseQuery.js, within the webpack-loader-utils module. This issue affects all versions prior to 1.4.1 and 2.0.3...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: mt7921s: Fixed a slab-out-of-bounds access in the SDIO host. SDIO may require an additional 511 bytes to align bus operations. If the tailroom of this skb is not sufficient, we might access an invalid memory region...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fixed a possible NULL pointer dereferencing issue. In the rdsrdmacmeventhandlercmn function, a check was performed to ensure that the conn pointer exists before dereferencing it as an argument for rdmasetservicetype. Th...
Astra Linux – Vulnerability in xterm
With Patch 370, xterm enables Sixel support. When this is enabled, attackers can exploit a buffer overflow in the setsixel function in graphicssixel.c by using crafted text...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During S2idle tests on the Raspberry CM4, the VPU firmware always crashes when the xHCI power-domain is resumed: root@raspberrypi:/sys/power echo freeze state 70.724347 xhcisuspend finishe...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed an issue identified by KASAN...