18102 matches found
Astra Linux – Vulnerability in Nasm
There is a use-after-free in asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16, which will cause a denial of service during a line-number increment attempt...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. The supported versions affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This easily exploitable vulnerability allows an unauthenticat...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fixed a use-after-free case in tcpmregistersourcecaps. There might be a potential use-after-free case in tcpmregistersourcecaps. This could occur when: - New say, invalid source caps are advertised. - Existing...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: “quota”: Fixed the potential NULL pointer dereferencing. The race condition below may cause NULL pointer dereferencing. P1 P2 dquotfreeinode quotaoff dropdquotref removedquotref dquots = idquotinode dquots = idquotinode...
Astra Linux – Vulnerability in libvncserver
A divide by zero issue was detected in libvncserver-0.9.12. A malicious client could exploit this flaw to send a specially crafted message. When this message is processed by the VNC server, it will cause a floating-point exception, resulting in a denial of service...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A use-after-free vulnerability was discovered in the siano smsusb module within the Linux kernel. The bug occurs during device initialization, when the siano device is plugged in. This flaw allows a local user to crash the system, resulting in a denial-of-service condition...
Astra Linux – Vulnerability in opusfile
A null pointer dereference issue was discovered in the functions opgetdata and opopen1 in opusfile.c. In versions 0.9 through 0.12 of xiph opusfile, this issue allows attackers to cause denial of service or other unspecified impacts...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an Out-of-Bounds Read in the generalLumaToYUV444 function. This Out-of-Bounds Read occurs because processing is performed on the in variable without checkin...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...
Astra Linux – Vulnerability in Chromium
The use of after free in Passwords in Google Chrome prior to version 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through crafted UI interactions. Chromium security severity: High...
Astra Linux – Vulnerability in Samba
Samba AD DC includes checks when adding service principal names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks can be bypassed if an account modification re-adds an SPN that was previously present on that account, such as an SPN added...
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rcutorture: Fixed the issue where ksoftirqd’s timing and iteration were increased. The RCU priority boosting can fail in two situations: 1 If nrcpus maxcpus, meaning that the total number of CPUs is greater than the number of...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of putunweightedpred16fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A race condition was detected in the Linux kernel’s DRM/Exynos device driver, specifically in the exynosdrmcrtcatomicdisable function. This can lead to a null pointer dereferencing issue, which may potentially cause a kernel panic or a denial of service condition...
Astra Linux – Vulnerability in openjdk-11
A vulnerability exists in the Oracle Java SE and Oracle GraalVM Enterprise Edition products developed by Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...
Astra Linux – Vulnerability in SOX
A vulnerability was discovered in SoX, where a heap buffer overflow occurs in the startread function in the hcom.c file. This vulnerability can be exploited by using a specially crafted hcomn file, which may cause the application to crash...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to version 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
By injecting a cookie with certain special characters, an attacker on a shared subdomain that is not in a secure context can set and overwrite cookies from a secure context. This leads to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...
Astra Linux – Vulnerability in pillow
A issue was discovered in Pillow before version 8.2.0. For BLP data, BlpImagePlugin did not properly check the returned data after jumping to file offsets. This could lead to a denial-of-service attack, where the decoder could be executed multiple times with empty data...
Astra Linux – Vulnerability in node-qs
The qs format used before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process to hang for an Express application. This is because the proto key can be exploited. In many typical Express use cases, an unauthenticated remote attacker can insert the...
Astra Linux – Vulnerability in imagemagick
In /MagickCore/statistic.c, there are several places where a sizet cast should have been replaced with an ssizet cast. This causes out-of-range values under certain circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security classified this as Low severity becaus...
Astra Linux – Vulnerability in openimageio
There is an information disclosure vulnerability in the IFFOutput channel interleaving functionality of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to the leakage of heap data. An attacker can provide malicious input to trigger th...
Astra Linux – Vulnerability in connman
Before version 1.39, gdhcp in ConnMan could be exploited by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp...
Astra Linux – Vulnerability in binutils
A vulnerability was discovered in Binutils objdump prior to version 2.39.3. Attackers can exploit this vulnerability to cause a denial of service or other unspecified effects through the bfdmachogetsyntheticsymtab function in match-o.c...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfc: nxp-nci: Fixed a potential memory leak in nxpncisend The nxpncisend function calls nxpncii2cwrite. The skb is only freed when nxpncii2cwrite fails. However, even if nxpncii2cwrite succeeds, the skb is not freed within...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It’s possible to cause the allocation length to overflow with a specially crafted tar file, resulti...
Astra Linux – Vulnerability in Ruby 2.5
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allow HTTP response splitting. This is relevant for applications that use untrusted user input, either to generate an HTTP response or to create a CGI::Cookie object...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevents an error message from causing runtime problems. For some drivers that use the DMA API, this error message can occur several million times per second. This can lead to excessive use of the kernel’s printk buffe...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A memory leak issue was discovered in the ctnetlinkcreateconntrack function within net/netfilter/nfconntracknetlink.c in the Linux kernel. This issue may allow a local attacker with CAPNETADMIN privileges to trigger a Denial-of-Service DoS attack due to a refcount overflow...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix error handling code in ufxusbprobe The current error handling code in ufxusbprobe contains many inconsistencies. For example, the function ufxfreeusblist is missing, and the destroymodedb label should only...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed a server shutdown leak A race condition was addressed where kthreadstop might prevent threadfn from being called at all. If this occurs, the svcrqst will not be cleaned up properly...
Astra Linux – Vulnerability in libcrypto++
In gf2n.cpp within Crypto++ also known as cryptopp, available from version 8.9.0, attackers can cause a denial of service application crash by exploiting DER public-key data for an F2^m curve. This occurs when the degree of each term in the polynomial is not strictly decreasing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed possible UAFs This attempt to fix possible UAFs is due to the fact that the struct mgmtpending is freed while it is still being processed, as seen in the following trace. To address this issue,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fixed a UAF issue in f2fsinodeinfo in f2fsfreedic. The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after reading, and the kworker responsible for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Obtaining inteldisplay from the encoder to avoid potential issues. Obtain inteldisplay from “encoder” instead of “state” within the encoder hooks. This avoids the problematic behavior caused by intelsanitizeencoder, whi...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Serialization. The supported versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...
Astra Linux – Vulnerability in Thunderbird
The olmsessiondescribe function in Matrix libolm before version 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a...
Astra Linux – Vulnerability in binutils
A vulnerability was discovered in cp-demangle.c of GNU libiberty, as part of GNU Binutils 2.31. There is a stack consumption vulnerability caused by infinite recursion in the functions nextistypequal and cplusdemangletype in cp-demangle.c. Remote attackers could exploit this vulnerability to caus...
Astra Linux – Vulnerability in Chromium
The inappropriate implementation of the Extensions API in Google Chrome prior to version 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations of Skia in Google Chrome prior to version 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sfc: NULL dereference operations were corrected in ef100processdesignparam. Since the referenced commit, ef100probemain and therefore ef100checkdesignparams are executed before efx-netdev is created. As a result, we cannot use...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: Removed the RTNL delay for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to devioctl first, and then forwarded to brioctlcall. This causes an unnecessary RTNL delay and a segmentation fault below 0 under RTNL pressur...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: A UAF bug was fixed in the error path of the probing process. When the driver fails in sndcardregister during the probing phase, it will free the bcd2k-midiouturb before terminating it, which could lead to a UAF bu...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: Unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers both sdio and spi, which can lead to kernel panic. For example, this issue occurs when using SPI:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Resetting the register ID for BPFEND value tracking When a register undergoes a BPFEND operation byte swap, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register e.g., aft...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcpwritetimerhandler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not...
Astra Linux – Vulnerability in Firefox
A transient execution vulnerability, named Floating Point Value Injection FPVI, allowed attackers to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox. This vulnerability affect...