18095 matches found
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a memory access violation occurred in irpthreadfunc because the IRP was freed by irp-Complete, and then accessed again during the error handling path. This vulnerability has been fixed in version 3.20.1...
Astra Linux – Vulnerability in Chromium
In Google Chrome, policy bypass in LocalNetworkAccess before version 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in Blink in Google Chrome before version 147.0.7727.55 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in wpa
In Hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker who has successfully bootstrapped public keys with another entity using PKEX in the past will be able to subvert future bootstrapping attempts by passively observing the public keys. By...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fixed a use-after-free bug caused by unfinished delayed work. The delayed work item “immtq” is initialized in immattach and scheduled for processing via immqueuecommand. When the IMM parallel port SCSI host adapter is...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap buffer over-read vulnerability in the MAP image decoder when processing specially crafted MAP files, which could potentially lead to crashes or...
Astra Linux – Vulnerability in qBittTorrent
All versions of the qBittorrent client up to 4.5.5 use default credentials when the web user interface is enabled. Administrators are not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfclipboardformatequal read the freed lastSentFormats memory because xfclipboardformatsfree called from the cliprdr channel thread during auto-reconnect freed the array. Meanwhile, the X11 event thread...
Astra Linux – Vulnerability in Chromium
The use of uninitialized variables in WebCodecs in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Firefox and Thunderbird
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebAudio in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed inconsistencies in e4b bitmap reports An inconsistency issue with the bitmap was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures, such as:...
Astra Linux – Vulnerability in Firefox
DoS attack in the XML component. This vulnerability has been fixed in Firefox 149 and Thunderbird 149...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: - In the net subsystem, use dstdevrcu in sksetupcaps. - Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. - Also use dstdevrcu in ip6dstmtumaybeforward and ipdstmtumaybeforward. - ip4dsthoplimit can...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm, fbcon, vgaswitcheroo: Avoid race conditions in the fbcon setup process. Protect the vgaswitcherooclientfbset function with a console lock. This prevents out-of-band OOB access in the fbconremapall function. Without holdin...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fixed out-of-bounds access during read/writing of sysfs attributes. Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. Example: vm: echo...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: classmate-laptop – Added NULL pointer checks where necessary. In several places within the Classmate laptop driver, code that uses the accel object may execute before its address is stored in the driver’s data...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed a use-after-free in the iomap inline data write path The inline data buffer head dibh is prematurely released in gfs2iomapbegin via releasemetapath, while iomap-inlinedata still points to dibh-bdata. This causes a...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In the net: atm code, there was a crash that occurred due to an unvalidated vcc pointer in sigdsend. A reproducer for this issue is available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “core: fix leak on early registration failure” A recent commit fixed a resource leak that occurs during early registration failures. However, for some reason, the first error path was left out; this still causes resources...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fixed a NULLptrderef issue in ishtpbusremoveallclients. During a warm reset process, the cl-device pointer may become NULL if the reset occurs while clients are still being enumerated. Accessing...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: vhost: The bound check for the vdpa group has been moved to vhostvdpa. Duplication has been eliminated by consolidating these changes. This reduces the possibility that a parent driver may miss these checks. Additionally, we...
Astra Linux – Vulnerability in dcmtk
A vulnerability was identified in DCMTK up to version 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to exploit this attack. The name of the patch is...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability has been fixed in versions 7.1.2-16 and 6.9.13-41...
Astra Linux – Vulnerability in curl
When performing TLS-related transfers using reused easy or multi-handles, and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl may accidentally reuse a CA store cached in memory, where the partial chain option is reversed. This goes against the user’s wishes and expectations. As a result,...
Astra Linux – Vulnerability in PostgresSQL-15
Lack of authorization in the PostgreSQL CREATE STATISTICS command allows a table owner to perform denial of service against other users who also attempt to execute CREATE STATISTICS commands within the same schema. A subsequent execution of the CREATE STATISTICS command with the same name, by a...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Corrected the allocation size for bytes controls The size of the data behind scontrol-ipccontroldata for bytes controls is as follows: 1 sizeofstruct sofipc4controldata + // kernel-only struct 2...
Astra Linux – Vulnerability in Chromium
Integer overflow in Fonts in Google Chrome prior to version 146.0.7680.165 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in GIMP
GIMP XWD File Parsing: Out-of-Bounds Write Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in the ClonePixelCacheRepository function allowed a remote attacker to cause a denial of service by providing a crafted image file,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: clk: qcom: gfx3d: added a “parent” field to the “parent request map”. After committing d228ece36345 “clk: divider: removed roundrate in favor of determinerate”, the function determining the GFX3D clock rate became unstable. Th...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: pinctrl: A single issue was addressed: fixing the refcount leak in pcsadd gpiofunc. The function ofparsephandlewithargs returns a devicenode pointer whose refcount is incremented in gpiospec.np. The loop iterates through all...
Astra Linux – Vulnerability in hdf5
The HDF5 library from version 1.14.3 has a heap-based buffer overflow issue in the H5Tconvstructopt function within H5Tconv.c...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed the dsc eDP issue Why It is necessary to add a function hook check before using the function...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: kexec: deriving the entry from the purgatory symbol The kexecloadpurgatory function derives image-start by locating eentry within an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with...
Astra Linux – Vulnerability in mapserver
MapServer is a system for developing web-based GIS applications. Starting from version 4.2 and before version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser allowed a remote, unauthenticated attacker to crash the MapServer process by sending a crafted SLD...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A memory leak was fixed in amdgpurasinit. When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, resulting in a memory leak. This issue was fixed by...
Astra Linux – Vulnerability in Thunderbird
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email, which was formatted and styled using HTML and CSS, the decrypted contents were displayed in a context where the CSS styles from the outer messages remained active. If...
Astra Linux – Vulnerability in Chromium
Before version 146.0.7680.178, using WebCodecs in Google Chrome allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: A failure to properly manage the allocation of an entry in masstoregfp leads to a memory leak. The function regcachemaplewrite allocates a new block called “entry” to merge adjacent ranges, and then stores it using...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fixed NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the ‘thread’ pointer acquired via rcudereferenceprotected within the waitevent macro. While the code...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix the initialization of the spitransfer struct Make sure that the spitransfer struct is cleared to zero before use...
Astra Linux – Vulnerability in Chromium
Using “after free” in WebGPU within Google Chrome before version 146.0.7680.165 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in giflib
Giflib contains a double-free vulnerability, which is caused by a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions necessary to trigger this vulnerability are complex, but it may still occur...
Astra Linux – Vulnerability in GIMP
GIMP PSP File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...