18102 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fixed a memory leak in updateeth regs async When writing to the device registers asynchronously, and if usbsubmiturb fails, the code fails to release the resources allocated for this process...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTOU race conditions, potentially causing divide-by-zer...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free in tipcmonreinitself. syzbot reported a use-after-free of tipcnetnet-monitors in tipcmonreinitself. The array is protected by RTNL, but tipcmonreinitself iterates over it without using RTNL...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fixed a use-after-free issue when updating multicast route statistics. The cited commit added a dedicated mutex instead of RTNL to protect the multicast route list. This ensures that the list does not change...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Added a missing check for allocorderedworkqueue. Added a check on the return value of allocorderedworkqueue, as it may return a NULL pointer, causing a NULL pointer dereferencing in hdmihdcp.c and hdmihpd.c. Patch...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drmcopyfield from attempting to copy a NULL pointer. There are some fields in the struct drmdriver structure that are required by drivers. Since drmcopyfield attempts to copy these fields to user-space via...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed the link-down processing to address the issue of NULL pointer dereferencing. If a FC link-down transition occurs while PLOGIs are outstanding and the fabric-known addresses are involved, outstanding ABTS request...
Astra Linux – Vulnerability found in Golang versions 1.15, 1.19, and 1.23
The net/http package improperly accepts a bare LF as a line terminator in chunked data with fixed-sized chunks. This can allow for request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ip6vti: The issue of “slab-use-after-free” in decodesession6 has been fixed. When the ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. This can lead to a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: blk-throttle: Fixed an access race issue during the activation of the throttle policy. Upon repeated cold boots, we occasionally encounter a NULL pointer crash in blkshouldthrotl, when checking the throttle policy before the...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dm flakey: fixed an crash caused by an invalid table line. This command will cause a crash when using a NULL pointer dereference: dmsetup create flakey --table "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbioby...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ptp: A possible memory leak has been fixed in ptpclockregister. I encountered a memory leak during the fault injection test. The affected object is as follows: 0xffff88800906c618 size: 8 bytes: comm "i2c-idt82p33931", pid 4421,...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In md/raid10, the issue of null-ptr-deref in raid10syncrequest has been fixed. In initresync, the mempool is initialized, and conf-havereplacemnt is set to 0 at the beginning of the sync process. closesync frees the mempool when...
Astra Linux - уязвимость в pygments
A ReDoS issue was discovered in the pygments/lexers/smithy.py file within pygments, as of version 2.15.0, due to the use of SmithyLexer...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount It is necessary to ensure that the value of the block size recorded in the superblock is valid. Otherwise, the shift operation used to calculate the block size may overflow, resulting ...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: pcie: Fixed an integer overflow in the iwlwritetouserbuf function. An integer overflow occurs in the iwlwritetouserbuf function, which is called by the iwldbgfsmonitordataread function. The function is as follows: ...
Astra Linux – Vulnerability in openssl1.0
Calls to the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions may cause the output length argument to overflow in some cases where the input length is close to the maximum permissible length for integers on the platform. In such cases, the return value from the function call will...
Astra Linux – Vulnerability in Mariadb 10.3
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.31.1, the isAuxiliaryVtabOperator function allows attackers to trigger a NULL pointer dereferencing and segmentation fault due to generated column optimizations...
Astra Linux – Vulnerability in Consul
The HashiCorp Consul and Consul Enterprise versions up to 1.9.4 had a key-value KV raw mode that was vulnerable to cross-site scripting attacks. This issue was fixed in versions 1.9.5, 1.8.10, and 1.7.14...
Astra Linux – Vulnerability in libvirt
A NULL pointer dereference was detected in the libvirt API, which was introduced in the upstream version 3.10.0 and fixed in libvirt 6.0.0. This issue relates to the retrieval of a storage pool based on its target path. More specifically, this flaw affects storage pools created without a target...
Astra Linux – Vulnerability in sysstat
Before version 12.1.6, sysstat experienced memory corruption due to an integer overflow in the remapstruct function in sacommon.c...
Astra Linux – Vulnerability in openssl1.0
In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...
Astra Linux – Vulnerability in Apache2
A carefully crafted request URI-path can cause modproxyuwsgi to exceed the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...
Astra Linux – Vulnerability in lz4
There is a flaw in lz4. An attacker who submits a crafted file to an application that uses lz4 may be able to trigger an integer overflow, resulting in the call to memmove with a negative size argument. This can lead to an out-of-bounds write and/or a system crash. The most significant impact of...
Astra Linux – Vulnerability in Linux
Improper input validation in the IntelR Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access...
Astra Linux – Vulnerability in Ruby 2.5
In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...
Astra Linux – Vulnerability in Chromium, LibXSLT
Before version 91.0.4472.164, using Blink XSLT in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in OpenLDAP
In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...
Astra Linux – Vulnerability in Firefox and Thunderbird
Performing garbage collection on re-declared JavaScript variables led to a “user-after-poison” situation, and potentially caused a exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
Astra Linux – Vulnerability in curl
A user can specify that curl = 7.20.0 and = 7.78.0 requires a successful upgrade to TLS when communicating with IMAP, POP3, or FTP servers. This is achieved by using the --ssl-reqd option on the command line, or setting CURLOPT USESSL to CURLUSESSLCONTROL or CURLUSESSLALL with licurl. This...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in gnutls28
A flaw was discovered in gnutls. A use-after-free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential problems...
Astra Linux – Vulnerability in curl
Curl versions 7.20.0 through 7.70.0 are vulnerable to improper restrictions on the names of files and other resources, which can lead to overwriting of local files when the -J flag is used...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP before version 2.4.57, which led to an assertion failure in slapd’s saslAuthzTo validation process, resulting in a denial of service...
Astra Linux – Vulnerability in OpenLDAP
An integer underflow was discovered in OpenLDAP before version 2.4.57, which led to slapd crashes during the Certificate Exact Assertion processing, resulting in a denial of service schemainit.c serialNumberAndIssuerCheck...
Astra Linux – Vulnerability in Ansible
A race condition flaw was discovered in Ansible Engine 2.7.17 and earlier versions, as well as 2.8.9 and earlier, and 2.9.6 and earlier. This issue occurs when running a playbook with an unprivileged “become user” command. When Ansible needs to execute a module with the “become user” command, a...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible Engine. This flaw occurs in all versions of Ansible Engine from 2.7.x, 2.8.x, and 2.9.x, up to 2.7.17, 2.8.9, and 2.9.6. The issue arises when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled. After a clean operation,...
Astra Linux – Vulnerability in Apache2
The Apache HTTP Server versions 2.4.6 to 2.4.46, with the modproxywstunnel module configured, were used to handle a URL request. The origin server did not necessarily upgrade this connection. As a result, subsequent requests using the same connection could be processed without any HTTP validation...
Astra Linux – Vulnerability in libarchive
A vulnerability has been identified in the libarchive library. This flaw can lead to an over-reading of the heap buffer, as the size of a filter block may exceed the Lempel-Ziv-Storer-Schieber LZSS window. This means that the library may attempt to read beyond the allocated memory buffer, which c...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. The libsoup appendparamquoted function may contain an overflow bug, which can lead to a buffer under-read...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ice: Fixed a memory leak in aRFS after reset. The memory leak in aRFS structures was fixed by adding a check to verify whether the aRFS memory has already been allocated during VSI configuration. aRFS objects are allocated in two...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: vrf: Use RCU protection in l3mdevl3out. l3mdevl3out can be called without RCU being held: rawsendmsg ippushpendingframes ipsendskb iplocalout iplocalout l3mdevipout Add rcureadlock / rcureadunlock pairs to avoid a potential...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fixed a panic that occurred during the removal of an interface. Reference counting is used to ensure that batadvhardifneighnode and batadvhardiface are not freed before/during the completion of...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: openvswitch: Use RCU protection in ovsvportcmdfillinfo. ovsvportcmdfillinfo can be called without RTNL or RCU. Use RCU protection and devnetrcu to avoid potential UAF Use-After-Free errors...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a Use-after-Allocation UAF that can be abused for privilege escalation using the following scripts: Step 1: Create a root...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fixed the information leak in the triggered buffer. The data array is allocated using kmalloc, and it is used to push data to user space from the triggered buffer. However, it does not set values...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ubifs: Authentication: Fixed a use-after-free in ubifstncendcommit. After an insertion in TNC, the tree may split, causing a node to change its znode-parent. Further deletions of other nodes in the tree which could also free thos...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fixed potential integer overflows. The 64-bit argument for the “get DIMM info” SMC call consists of memctrlidx, which is left-shifted by 16 bits and OR-ed with the DIMM index. Since memctrlidx is defined as a 32-b...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: A missing range check was added in bitmapipuadt. When tbIPSETATTRIPTO is not present, but tbIPSETATTRCIDR exists, the values of ip and ipto are slightly swapped. As a result, the range check for ip should be...