18102 matches found
Astra Linux – Vulnerability in Vim
NULL pointer dereferencing in the GitHub repository for vim/vim before version 9.0.1531...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems such as OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS without a message size limit may...
Astra Linux – Vulnerability in Golang-1.19
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates that contain multiple actions separated by a '/' character may cause the CSS context to close unexpectedly, allowing for the injection of unexpected HTML, if executed with untrusted input...
Astra Linux – Vulnerability in Golang-1.19
Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...
Astra Linux – Vulnerability in Golang-1.19
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...
Astra Linux – Vulnerability in Golang-1.19
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return incorrect results if called with certain specific unreduced scalars scalars that are larger than the order of the curve. This does not affect the usage of crypto/ecdsa or crypto/ecdh...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
Incorrect verifier pruning in the BPF module of the Linux kernel version 5.4 and above leads to unsafe code paths being incorrectly marked as safe. This results in arbitrary read/writes to kernel memory, lateral privilege escalation, and container escapes...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel through version 6.0.10. In the file drivers/media/dvb-core/dvbcaen50221.c, a use-after-free condition can occur due to the lack of a waitevent after a disconnection occurs...
Astra Linux – Vulnerability in Golang-1.19
There is a path traversal vulnerability in the filepath.Clean function on Windows. On Windows, the filepath.Clean function could transform an invalid path such as “a/../c:/b” into the valid path “c:\b”. This transformation of a relative if invalid path into an absolute path could enable a directo...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...
Astra Linux – Vulnerability in libssh2
In libssh2 before version 1.9.0, the kexmethoddiffiehellmangroupexchangesha256keyexchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...
Astra Linux – Vulnerability in sudo
Before version 1.9.13, sudo did not escape control characters in the sudoreplay output...
Astra Linux – Vulnerability in sudo
Before version 1.9.13, Sudo did not escape control characters in log messages...
Astra Linux – Vulnerability in Wireshark
The GQUIC dissector crash in Wireshark versions 4.0.0 to 4.0.4, and 3.6.0 to 3.6.12 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...
Astra Linux – Vulnerability in Dbus
A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...
Astra Linux – Vulnerability in Dbus
A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures...
Astra Linux – Vulnerability in protobuf-c
It was discovered that Protobuf-c v1.4.0 contains an invalid arithmetic shift through the parsetagandwiretype function in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service DoS attack through unspecified vectors...
Astra Linux – Vulnerability in binutils
A issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in the processmipsspecific function in readelf.c, due to a malformed MIPS option section...
Astra Linux – Vulnerability in binutils
“rememberKtype” in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM. This can occur during the execution of cxxfilt...
Astra Linux – Vulnerability in binutils
The demangletemplate function in cplus-dem.c within GNU libiberty, as part of GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM during the “Create an array for saving the template argument values” XNEWVEC call. This can occur during the execution of...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A issue was discovered in the Linux kernel before version 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free condition, as “accept” is also allowed for a successfully connected AFNETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing...
Astra Linux – Vulnerability in HAPProxy
Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk.Authenticated users can issue HRANDFIELD or ZRANDMEMBER commands with specially crafted arguments to trigger a denial-of-service attack, causing Redis to crash due to an assertion failure. This vulnerability affects Redis versions 6.2 or...
Astra Linux – Vulnerability in Linux, Linux 5.10
A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...
Astra Linux – Vulnerability in Linux 5.10, Linux
There is a use-after-free vulnerability in the Linux Kernel that can be exploited to achieve local privilege escalation. To exploit this vulnerability, the CONFIGTLS or CONFIGXFRMESPINTCP kernel configuration flags must be set; however, the operation does not require any special privileges. There...
Astra Linux – Vulnerability in Linux 5.10, Linux
There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start The ieee80211txbasessionhandlestart function may return NULL for sdata when a deauthentication process is ongoing. Here is a trace that illustrates the race condition involving...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Do not remove the map from createprocess and devicerelease functions. Do not remove the map from the list during the error handling in fastrpcinitcreateprocess. Instead, call fastrpcmapput to avoid a...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk.Authenticated users who execute specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, causing Redis to attempt to allocate an impossible amount of memory and result in a Memory Out of Control OOM panic. This issue...
Astra Linux – Vulnerability in gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using HEADERSTRIP decompression. Integer overflow occurs in the matroskaparse element within the gstmatroskadecompressdata function, leading to a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, this overflow cannot ...
Astra Linux – Vulnerability in gst-plugins-good1.0
Integer overflow in the avidemux element within the gstavidemuxinvert function, which allows for a heap overwrite during the parsing of AVI files. There is a potential for arbitrary code execution due to the heap overwrite...
Astra Linux – Vulnerability in Tiff
Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through the use of the extractContigSamplesShifted8bits function, located at /libtiff/tools/tiffcrop.c:3753...
Astra Linux – Vulnerability in Git
Git, a version control system, is vulnerable to path traversal before versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By providing a crafted input to git apply, it is possible to overwrite paths outside of the working tree, as long as the user running...
Astra Linux – Vulnerability in Node.js
There is a vulnerability related to untrusted search paths in Node.js. Versions 19.6.1, 18.14.1, 16.19.1, and 14.21.3 may allow an attacker to search for data and potentially load ICU data when running with elevated privileges...
Astra Linux – Vulnerability in sudo
In Sudo before 1.9.12p2, the sudoedit also known as -e feature improperly handles additional arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process. This can lead to...
Astra Linux – Vulnerability in TIF format
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3724 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...
Astra Linux – Vulnerability in TIF format
LibTIFF 4.4.0 contains an out-of-bounds read in tiffcrop at line 3400 of tools/tiffcrop.c, allowing attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile LibTIFF from source code, the fix is available in the commit afaabc3e...
Astra Linux – Vulnerability in Wireshark
The TIPC dissector crashes in Wireshark versions 4.0.0 to 4.0.2, and 3.6.0 to 3.6.10. This issue allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Wireshark
Excessive loops in multiple dissectors in Wireshark versions 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture files...
Astra Linux – Vulnerability in Linux, Linux 5.10
A NULL pointer dereference flaw was discovered in the rawv6pushpendingframes function in net/ipv6/raw.c within the network subcomponent of the Linux kernel. This flaw can cause the system to crash...
Astra Linux – Vulnerability in OpenSSL
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support SMIME, CMS, and PKCS7 streaming capabilities. However, it can also be called directly by end-user applications. This function receives a BIO from...
Astra Linux – Vulnerability in Vim
A null pointer dereferencing issue was discovered in the function guix11createblankmouse in guix11.c in vim 8.1.2269 through 9.0.0339. This issue allows attackers to cause denial of service or other unspecified impacts...
Astra Linux – Vulnerability in libsoup2.4
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives an HTTP response with a status code of 401 Unauthorized, which contains a specially crafted domain parameter within the WWW-Authenticate header...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed a double-free operation in the delayedfree function. The double-free could occur at the following paths: c exfatcreateupcasetable exfatcreateupcasetable : Return error exfatfreeupcasetable : Free -volutbl...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in Oracle Java SE Component: Compiler. The supported versions affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. This vulnerability is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to compromise...
Astra Linux – Vulnerability in Linux, Linux 5.15
A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...
Astra Linux – Vulnerability in Golang-1.19
A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...
Astra Linux – Vulnerability in binutils
A flaw was discovered in Binutils. The use of an uninitialized field in the struct module module may cause the application to crash and lead to a local denial of service...