18102 matches found
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This easily exploitable...
Astra Linux – Vulnerability in OpenSSL
AES OCB mode for 32-bit x86 platforms, using the AES-NI assembly-optimized implementation, may not encrypt all of the data under certain circumstances. This could reveal sixteen bytes of data that were already present in the memory but were not written. In the special case of “in-place” encryptio...
Astra Linux – Vulnerability in vsftpd
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers that implement different protocols but use compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker, who has access to the victim’s traffic at the TCP/IP layer, can redirect...
Astra Linux – Vulnerability in http-parser
Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
Astra Linux – Vulnerability in Firefox
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 106. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execut...
Astra Linux – Vulnerability in Firefox and Thunderbird
If an out-of-memory condition occurs when creating a JavaScript global, the JavaScript realm may be deleted, while references to it still exist in the BaseShape. This could lead to a use-after-free situation, potentially causing a exploitable crash. This vulnerability affects Firefox ESR 102.5,...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 105 and Firefox ESR 102.3. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in grub2
When rendering certain Unicode sequences, Grub2’s font code does not properly validate whether the width and height of the glyph are within the bitmap size. As a result, an attacker can create an input that will cause an out-of-bounds write to Grub2’s heap, leading to memory corruption and...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsbmaplookupatlevel in the file fs/nilfs2/inode.c of the nilfs2 component. Manipulation of this function can lead to a null pointer dereference. The attack can be launched...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability has been discovered in the Linux kernel. It has been identified as a problem. The vulnerability affects the intrcallback function in the drivers/net/usb/r8152.c file of the BPF component. Manipulation of this function results in the logging of excessive data. The attack can be...
Astra Linux – Vulnerability in ncurses
ncurses 6.3 before patch 20220416 contains a buffer overflow vulnerability and segmentation violation in the convertstrings function in the tinfo/readentry.c file of the terminfo library...
Astra Linux – Vulnerability in Apache2
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody0 may cause a denial of service due to the lack of a default limit on the possible input size...
Astra Linux – Vulnerability in grub2
A buffer overflow was detected in grubfontconstructglyph. A maliciously crafted pf2 font can cause an overflow when calculating the maxglyphsize value. This results in allocating a buffer that is smaller than necessary for the glyph, leading to another buffer overflow and an out-of-bounds write t...
Astra Linux – Vulnerability in Apache2
Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...
Astra Linux – Vulnerability in Ruby-Nokogiri
Nokogiri is an open-source XML and HTML library for Ruby. Nokogiri contains a regular expression that is inefficient and prone to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri = 1.13.4. There are no known solutions to this...
Astra Linux – Vulnerability in Tomcat9
The fix for the bug CVE-2020-9484 introduced a “time of check, time of use” vulnerability in Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56, and 8.5.55 to 8.5.73 versions of Tomcat. This vulnerability allowed a local attacker to perform actions with the privileges of...
Astra Linux – Vulnerability in e2fsprogs
A out-of-bounds read/write vulnerability was discovered in e2fsprogs 1.46.5. This issue results in a segmentation fault and may allow for arbitrary code execution through a specially crafted filesystem...
Astra Linux – Vulnerability in unzip
A flaw was discovered in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, resulting in an out-of-bound write operation on the heap. This flaw allows an attacker to submit a specially crafted zip file, causing a crash or code execution...
Astra Linux – Vulnerability in sudo
In Sudo version 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a non-existent user by executing sudo with a numerical UID that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability, as executing a command via sudo a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array BUGs: KMSAN: uninit-value in nlavalidaterangeunsigned, lib/nlattr.c:222 inline BUGs: KMSAN: uninit-value in nlavalidateintrange, lib/nlattr.c:336 inline BUGs: KMSAN:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1
An integer overflow flaw was discovered in the Linux kernel. This issue causes the kernel to allocate skbsharedinfo in the user space, which can be exploited in systems without SMAP protection, as skbsharedinfo contains references to function pointers...
Astra Linux – Vulnerability in Linux 5.10, Linux
A use-after-free vulnerability was discovered in the Linux kernel’s ext4 file system, particularly regarding the handling of the additional inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: zonefs: fixed zonefsiomapbegin for reads. If a readahead operation is issued on a sequential zone file with an offset that exactly equals the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent any I/O...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Netfilter: Use getrandomu32 instead of prandom. This issue may occur when updating the per-cpu rndstate from a user context, i.e., the localout path. BUG: Using smpprocessorid in preemptible 00000000 code: nginx/2725. Caller is...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: cgroup: Use separate source/destination nodes when preloading csssets for migration. Each cssset is associated with its corresponding tasks. When moving tasks between csssets during a migration, we need to keep the source and...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: sfc: Fixed an issue where a use-after-free occurred when disabling sriov. The use-after-free was detected by kfence when disabling sriov. What was read after it was freed was vf-pcidev: it was freed from pcidisablesriov, and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ath10k: Skip ath10khalt during suspend for the driver state RESTARTING. A double-free crash occurs when FW recovery caused by wmi timeout/crash is followed by an immediate suspend event. FW recovery is triggered by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fixed the count check in rproccoredumpwrite. The check for the count being 0 was corrected to avoid a potential underflow. The check is identical to that in rprocrecoverywrite...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: mISDN: Fixed a memory leak in dsppipelinebuild. dsppipelinebuild allocates a dup pointer using kstrdupcfg, but then it updates the dup variable using strsep&dup, “|”. As a result, when it calls kfreedup, the dup variable...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: A use-after-free issue was addressed for aborted SSP/STP SAS tasks. Currently, a use-after-free may occur if a SAS task is aborted by the upper layer before we handle the I/O completion in mpisspcompletion or...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed error handling in ext4fcrecordmodified inode. The current code does not properly handle the krealloc error case, which could lead to silent memory corruption or a kernel bug. This patch addresses this issue...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Use VMMAP instead of VMALLOC for the ringbuf area. After the commit 2fd3fb0be1d1 “KASAN, vmalloc: Unpoison VMALLOC pages after mapping”, non-VMALLOC mappings will be marked as accessible in getvmareanode when KASAN is enable...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: vt: Fixed memory overlap issues when deleting characters from the buffer. A memory overlap copy occurs when deleting a long line. This memory overlap can lead to data corruption when scrmemcpyw is optimized to memcpy, because...
Astra Linux – Vulnerability in Linux 5.10
A issue was discovered in the Linux kernel before version 6.0.11. Missing validation of the IEEE80211P2PATTROPERCHANNEL in the drivers/net/wireless/microchip/wilc1000/cfg80211.c file within the WILC1000 wireless driver can lead to a out-of-bounds write when parsing the channel list attribute from...
Astra Linux – Vulnerability in Linux 5.10, Linux
A flaw in incorrect access control in the Linux kernel’s USB core subsystem was discovered in the way users attach USB devices. A local user could exploit this flaw to crash the system...
Astra Linux – Vulnerability in libxml2
A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...
Astra Linux – Vulnerability in Linux 5.10, Linux
A issue was discovered in the Linux kernel through version 5.18.14. The xfrmexpandpolicies function in net/xfrm/xfrmpolicy.c can cause the refcount to be dropped twice...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability was discovered in the Linux kernel. It has been classified as critical. This issue affects the devlinkparamset/devlinkparamget functions in the net/core/devlink.c file of the IPsec component. The vulnerability allows for exploitation after memory allocation. It is recommended that...
Astra Linux – Vulnerability in Linux 5.10, Linux
A NULL pointer dereference flaw exists in the diFree function in the fs/jfs/inode.c file of the Journaled File System JFS in the Linux kernel. This flaw could allow a local attacker to crash the system or leak internal kernel information...
Astra Linux – Vulnerability in Linux 5.10, Linux
The Linux kernel before version 5.17.2 mishandles seccomp permissions. The PTRACESEIZE code path allows attackers to bypass the intended restrictions on setting the PTSUSPENDSECCOMP flag...
Astra Linux – Vulnerability in grub2
There is a use-after-free vulnerability in the grubcmdchainloader function. The chainloader command is used to boot up operating systems that do not support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered...
Astra Linux – Vulnerability in curl
libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...
Astra Linux – Vulnerability in curl
libcurl provides the CURLOPTCERTINFO option to allow applications to request details about a server’s certificate chain. Due to a faulty function, a malicious server could cause libcurl, built with NSS, to get stuck in an endless busy-loop when attempting to retrieve that information...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.9 and earlier contains a segmentation fault due to the component sql/sqlwindow.cc...
Astra Linux – Vulnerability in Freetype
It was discovered that commit 53dfdcd8198d2b3201a23c4bad9190519ba918db of FreeType contains a segmentation violation due to the FNTSizeRequest function...
Astra Linux – Vulnerability in Freetype
It was discovered that commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 of FreeType contains a segmentation violation due to the FTRequestSize function...
Astra Linux – Vulnerability in net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable” to cause a NULL pointer dereference. Version 5.9.2 includes a patch to addres...
Astra Linux – Vulnerability in net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could exploit an improper input validation vulnerability when setting malformed OIDs in both the master agent and subagent simultaneously. Version 5.9.2...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2, an...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected include Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2, and 22.1.0. This easily...