18102 matches found
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a global buffer overflow in the decodeCABACbit function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in f2fs-tools
There is an exploitable code execution vulnerability in the multi-device functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to information overwriting, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allows Heap-based Buffer Overflows because it mishandles the "-F’.‘” syntax on the command line. This may allow privilege escalation from any user to root. This issue occurs due to the incorrect interpretation of negative sizes in the strncpy function...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the mcchroma function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the ffhevcputunweightedpred8sse function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the putqpel00fallback16 function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in fig2dev
Fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed integer overflow to lead to a buffer overflow in the receiveaddrecipient function, through an email message with fifty million recipients. NOTE: Remote exploitation might be difficult due to resource consumption...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper initialization issue that can lead to recursive stack consumption or other consequences. This occurs because the use of certain getc functions is handled incorrectly when a client uses BDAT instead of DATA...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed Use After Free in smtpreset in certain situations that might be common in builds using OpenSSL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fix use-after-free on error path In the error path of sevtsminitlocked, the code dereferes t after it has been freed with kfree. The prerr statement attempts to access t-tioen and t-tioinitdone after the memory has...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile does not initialize the aiocmd-iocb for the kiwritestream. When the writecommand fdexecuterwaio is executed, we may receive an invalid value for kiwritestream,...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Golang-1.19
Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/TLS clients, as well as servers that have Config.ClientAuth set to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: appletbkbd: fixed a “slab-use-after-free” bug in appletbkbdprobe. In the probe function appletbkbdprobe, an instance of “struct appletbkbd kbd” is allocated using devmkzalloc to store touch-bar keyboard-related data. Later, ...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Failure to set the dormant flag on the hook register We need to set the dormant flag again if we fail to register the hooks. During memory pressure, hook registration may fail, resulting in a table being...
Astra Linux – Vulnerability in hdf5
A vulnerability classified as problematic was discovered in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb in the file src/H5FScache.c. The exploitation of this vulnerability leads to a heap-based buffer overflow. Local access is required to carry out this attack. T...
Astra Linux – Vulnerability in node-cipher-base
There is a vulnerability in improper input validation in the cipher-base module, which allows for manipulation of input data. This issue affects cipher-base version 1.0.4...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in opensc
A vulnerability was discovered in OpenSC. This security flaw causes a buffer overflow vulnerability in the cardoshaveverifyrcpackage function. An attacker can provide a smart card package with malformed ASN1 data. The cardoshaveverifyrcpackage function scans the ASN1 buffer for two tags, but the...
Astra Linux – Vulnerability in Firefox and Thunderbird
The JIT compiler generated incorrect code for arguments in certain cases. This led to potential use-after-free errors during garbage collection. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
Astra Linux – Vulnerability in Chromium
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in PostgresSQL 11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...
Astra Linux – Vulnerability in xorg-server
A out-of-bounds write flaw was discovered in the xorg-x11-server. This issue arises due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c, and in the RRChangeOutputProperty function in randr/rrproperty.c...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in xorg-server. Changing the actions of XKB buttons, such as moving between the touchpad and the mouse, can lead to out-of-bounds memory reads and writes. This may allow for local privilege escalation or potential remote code execution, especially in cases where X11 forwardi...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: A out-of-bounds read occurred in smb2sesssetup. ksmbd does not consider the case where smb2sesssetup is part of a compound request. If this is the second payload of the compound request, an OOB Out-of-Bounds read issue...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The inappropriate implementation of Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux – Vulnerability in pcre2
A out-of-bounds read vulnerability was discovered in the PCRE2 library, specifically in the getrecursedatalength function of the pcre2jitcompile.c file. This issue affects recursions in JIT-compiled regular expressions due to duplicate data transfers...
Astra Linux – Vulnerability in openexr
There is a flaw in OpenEXR’s deep tile sample size calculations in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could trigger an integer overflow, resulting in an out-of-bounds read. The greatest risk of this flaw is to the application’s...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, using free after in the Ozone browser extension in Google Chrome allowed a remote attacker to potentially exploit heap corruption by running a Wayland test...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, using free after Vulkan in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow the extension to escape the sandbox via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 96.0.4664.93, using free after in the window manager in Google Chrome on ChromeOS allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 103.0.5060.134, using free after in the Guest View in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Tab Strip component in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Firefox
A vulnerability was identified in Thunderbird, where XPath parsing could trigger undefined behavior due to the lack of null checks during attribute access. This could lead to out-of-bounds read access and, potentially, memory corruption. This vulnerability has been fixed in Firefox 138, Firefox E...
Astra Linux – Vulnerability in dcmtk
A vulnerability has been discovered in DCMTK 3.6.9. It has been classified as critical. This vulnerability affects unknown code within the dcmjpls JPEG-LS Decoder component. The vulnerability leads to memory corruption. The attack can be initiated remotely. The exploit has been made public and ma...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh’s handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, especially...
Astra Linux – Vulnerability in exiv2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm quadratic complexity was found in Exiv2 versions v0.27.3 and earlier. This inefficient algorithm occurs when Exiv2 is used to write metadata into a...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox...
Astra Linux – Vulnerability in Firefox and Thunderbird
A clickjacking vulnerability could have been exploited to trick users into revealing their saved payment card details to a malicious page. This vulnerability has been fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...
Astra Linux – Vulnerability in zvbi
A critical vulnerability was discovered in libzvbi up to version 0.2.43. This vulnerability affects the vbisearchnew function in the src/search.c file. Manipulation of the patlen argument leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Navigation in Google Chrome before version 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Fonts component of Google Chrome prior to version 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in the 389-DS-base
A flaw was discovered in 389-ds-base. A specially crafted LDAP query may potentially cause a failure on the directory server, resulting in a denial of service...