18102 matches found
Astra Linux – Vulnerability in libvirt
qemu/qemudriver.c in libvirt before version 6.0.0 improperly handles the handling of a monitor job during a query to a guest agent. This allows attackers to cause a denial of service API blockage...
Astra Linux – Vulnerability in SQLite3
In SQLite version 3.31.1, the ALTER TABLE implementation contains a use-after-free issue, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/panel: ili9341: fix optional regulator handling If the optional regulator lookup fails, reset the pointer to NULL. Other functions such as mipidbipoweronconditional only perform a NULL pointer check; otherwise, they will...
Astra Linux – Vulnerability in Linux, Linux 5.10
A vulnerability was discovered in the drivers/usb/gadget/function/rndis.c file within the Linux kernel before version 5.16.10. The RNDIS USB gadget does not include validation for the size of the RNDISMSGSET command. Attackers can obtain sensitive information from the kernel memory...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: gfs2: Always check the inode size of inline inodes. Check whether the inode size of inline inodes is within the allowed range when reading inodes from the disk gfs2dinodein. This prevents on-disk corruption. The two checks in...
Astra Linux – Vulnerability in xorg-server
A vulnerability was discovered in X.Org. This security flaw arises because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges escalation on systems where the X server is running with...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Input: sparcsspkr – fixed the refcount leak in bbcbeepprobe. The function offindnodebypath calls ofnodeoptsbypath, which returns a node pointer with a refcount incremented. We should use ofnodeput on it after processing. Add...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not erase the value of ret in btrfsvalidatesuper. Commit 2a9bb78cfd36 “btrfs: validate the system chunk array in btrfsvalidatesuper” introduces a call to validatesyschunkarray in btrfsvalidatesuper, which erases the val...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix for suspend/resume behavior. Disabling the cache in commit 2ff4ba9e3702 “clk: rs9: Fix for I2C accessors” without removing cache synchronization in the resume path results in a kernel panic, as map-cacheops is unset...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/drv: Fixed a potential memory leak in drmdevinit. drmdevinit will add drmdevinitrelease as a callback. When drmmaddaction fails, the release function will not be added. As a result, the refcnt added by deviceget in...
Astra Linux – Vulnerability in WebKit2GTK
In WebKitGTK up to 2.36.0 and WPE WebKit, there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: moxart: fixed potential use-after-free when removing a path. It was reported that the mmc host structure could be accessed after it was freed in moxartremove. Therefore, this issue was addressed by saving the base register of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fixed the logic for MLX5LAGFLAGNDEVSREADY Set MLX5LAGFLAGNDEVSREADY only if both devices are registered. This ensures that both ldev-pfMLX5LAGP0.dev and ldev-pfMLX5LAGP1.dev have valid pointers when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the issue where the timer for starting a call race against the destruction of the call occurred. The rxrpccall structure contains a timer used to handle various timed events related to a call. This timer can be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: tee: amdtee: fixed an issue where ISERR returned NULL instead of an error pointer. The getfreepages function does not return error pointers; it returns NULL instead. Therefore, this condition needs to be corrected to avoid NUL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fixed UAF in ep93xxclkregistergate arch/arm/mach-ep93xx/clock.c:154:2: Warning: Use of memory after it is freed clang-analyzer-unix.Malloc arch/arm/mach-ep93xx/clock.c:151:2: Note: Taking a true branch if ISERRclk ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: fbdev: smscufx: Fixed several use-after-free bugs. Multiple types of UAFs Use-After-Free errors can occur when physically removing a USB device. The function ufxopsdestroy has been added to the .fbdestroy of the fbops structur...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.9 and earlier contains a use-after-free issue due to the Binarystring::freebuffer function at the /sql/sqlstring.h component...
Astra Linux – Vulnerability in Linux 5.15
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: The pointer used to track HVS FIFO operations was cleared after the operation was completed. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait for previous FIFO users before committing” introduced a mechanism for waiting for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set ubuf-sg = NULL if the creation of the sg table fails. When the user space attempts to map the dmabuf, and for some reason e.g., OOM, the creation of the sg table fails, ubuf-sg needs to be set to NULL. Otherwise, whe...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.11 contains a heap buffer overflow issue, due to the use of the derivecollocatedmotionvectors function in the motion.cc file...
Astra Linux – Vulnerability in mbedtls
Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net, neigh module, do not trigger immediate probes on NUDFAILED from neighmanagedwork. The syzkaller was able to trigger a deadlock for NTFMANAGED entries: - kworker/0:16/14617 is trying to acquire a lock: fffffffff8d4dd37...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: The FPU state is invalidated after a failed XRSTOR operation from a user buffer. Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with PF, but they have nonetheless changed the state of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: acomp – Fixed CFI failures due to type punning. To avoid crashes when control flow integrity is enabled, ensure that the workspace “stream” uses a consistent type for function calls, and invoke functions through a functio...
Astra Linux – Vulnerability in gpac
A vulnerability was discovered in GPAC version 2.4. It has been rated as problematic. The affected function is gfdashdownloadinitsegment in the file src/mediatools/dashclient.c. Manipulating the baseiniturl argument leads to a null pointer dereference. This attack can be launched remotely. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Split the initial and dynamic conditions for extentcache. We need to allocate the extentcache tree without dynamic conditions to avoid a panic caused by a missing condition as described below. Create a file with a...
Astra Linux - уязвимость в tomcat9
There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, and from 9.0.0.M1 to 9.0.117. Older, unsupported versions may also be affected. It is...
Astra Linux – Vulnerability in Qemu
QEMU 5.0.0 has a heap-based Buffer Overflow in the flatviewreadcontinue function in exec.c, as hw/sd/sdhci.c improperly handles a write operation in the SDHCBLKSIZE case...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup of the mana struct after debugfsremove When hibernation is triggered on a MANA VM, as part of hibernatesnapshot, managdsuspend and managdresume are called. If a failure occurs during managdresume related to HWC...
Astra Linux – Vulnerability in libconvert-asn1-perl
Perl-Convert-ASN1 also known as the Convert::ASN1 module for Perl up to version 0.27 allowed remote attackers to create an infinite loop due to unexpected inputs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pmdomain: arm: Fixed NULL dereference upon removal of scmiperfdomain When the scmiperfdomain module was unloaded, a segmentation fault occurred. In the test system provided to the system under test, the power-domain-cells...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘tty: ngsm: fix UAF in gsmcleanupmux’” This reversion involves commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The above commit was reverted because it did not solve the original issue. The function gsmcleanupmux attempt...
Astra Linux – Vulnerability in Node.js
Node.js versions prior to 16.6.1, 14.17.5, and 12.22.5 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Buffer size aligned upwards. The hardware can support any image size, WxH, with arbitrary values for W image width and H image height. The buffer size is aligned upwards for both the encoder and the decoder, whil...
Astra Linux – Vulnerability in node-y18n
The package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streamin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: Set UXN on swapper page tables This issue was accidentally fixed upstream via c3cee924bd85 "arm64: head: cover the entire kernel image in the initial ID map", as part of a major refactoring of the arm64 boot process. This...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the mech token during session setup. If a client sends an invalid mech token in a session setup request, ksmbd validates it and reports an error if the token is invalid...
Astra Linux – Vulnerability in Chromium
Using “after free” in Dawn in Google Chrome before version 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after free in ANGLE in Google Chrome before version 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in faad2
A issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. It is a buffer over-read in psmixphase in libfaad/psdec.c...
Astra Linux – Vulnerability in Vim
Use After Free in the GitHub repository vim/vim before version 9.0.0360...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
BlueZ HID over GATT Profile: Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected BlueZ installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fixed a NULL pointer issue in the channel unregistration function. The dmaasyncdevicechannelregister function may fail. In the event of a failure, chan-local is freed with freepercpu, and chan-local becomes null. When...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fixed a possible memory leak in mt76x02umcusendmsg. Free the skb if mt76ubulkmsg fails in the mt76x02umcusendmsg routine...