18095 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed an issue where the HCAPORTS component was unregistered twice. Cleared hcadevcomcomp in the device’s private data after unregistering it during LAG teardown. Otherwise, a slightly delayed second pass through...
Astra Linux – Vulnerability in Chromium
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: SMB3: Added missing locks to protect the deferred close file list. The cifsdeldeferredclose function has a critical section that modifies the deferred close file list. We must acquire the deferredlock before calling the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: The mm structure is held during the iommusvaunbinddevice operation. Some tests cause a crash in iommusvaunbinddevice due to accessing the iommumm after the associated mm structure has been freed. The issue is fixed...
Astra Linux – Vulnerability in Gegl
GIMP HDR File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fixed BQL accounting for multi-BD TX packets. When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the actual length of each BD from the descriptor status into an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Do not block the input queue by waiting for the MSC response. Currently, the gsmqueue function processes incoming frames. When opening a DLC channel, it calls gsmdlciopen, which in turn calls gsmmodemupdate. If the bas...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: The work item for sending LS requests has been moved to the nvmetfclsreqop structure. It is possible for more than one async command to be executed by nvmetfcsendlsreq. For each command, a reference to the target port i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw88: use a work to update the rate to avoid RCU warnings. The ieee80211ops::starcupdate function must be atomic, because ieee80211chanbwchange holds a rcuread lock while calling drvstarcupdate. Therefore, a work must b...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RCU: Fixed the lockdep warning in thiscpuread in rcuforcequiescentstate. Running rcutorture with a non-zero fqsduration module parameter in a kernel built with CONFIGPREEMPTION=y results in the following error: BUG: Using...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed an out-of-bounds memset issue in command slot handling. The remaining space in a command slot may be smaller than the size of the command header. Clearing the command header using memset before verifying the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Potential allocated iovec in the cache may be freed after a failure. If a read/write request passes through ioreqrwcleanup, and an allocated iovec is attached to the request but fails to be placed into the rwcache, it...
Astra Linux – Vulnerability in WebKit2GTK
The issue was addressed through improved checks. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. A malicious website may exfiltrate data across origins...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Fixed the “kernel NULL pointer dereference” error. When the rxequeueinit function in the rxeqpinitreq function fails, both qp-req.task.func and qp-req.task.arg are not initialized. Due to the failure in creating the...
Astra Linux – Vulnerability in libpodofo
A stack-based buffer overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service through the ‘src/base/PdfDictionary.cpp:65’ component...
Astra Linux – Vulnerability in Ruby 2.5
REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.6 has a DoS vulnerability when it parses XMLs that contain many elements with the same local name attribute. If you need to parse untrusted XMLs using tree parser APIs like REXML::Document.new, you may be vulnerable to this...
Astra Linux – Vulnerability in Erlang
There is a vulnerability in the improper certificate validation process for Erlang OTP publickey pubkeyocsp module, which allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. The OCSP response verification in pubkeyocsp:verifyresponse/5 and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Limiting the size of BPF program signatures Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE. Allowing larger sizes opens the door for abuse by using excessively large size values and forcing the...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, videotimer could send client notifications after the control channel was closed, by dereferencing a freed callback and triggering an action after it was freed. This vulnerability has been fixed in version...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed during loop testing of the kexec jump: Interrupts were enabled after irqrouterresume+0x0/0x50 Warning: CPU: 0 PID: 560 at...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Prevent adding a device that is already a team device lower. For example, do not add veth0 if vlan1 has already been added, and veth0 is a subordinate device of vlan1. This approach is not practical in practice and may lead to...
Astra Linux – Vulnerability in Nasm
In libnasm.a of Netwide Assembler NASM 2.14.xx, asm/pragma.c allows for a NULL pointer dereferencing in processpragma, searchpragmalist, and nasmsetlimit when "%pragma limit" is mishandled...
Astra Linux – Vulnerability in unbound
Before version 1.9.5, Unbound allowed for an integer overflow in the size calculation in respip/respip.c. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an active Unbound installation cannot be exploited remotely or locally...
Astra Linux – Vulnerability in Chromium
The use of the “after free in storage foundation” feature in Google Chrome before version 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in GhostScript
A issue was discovered in Artifex Ghostscript prior to version 10.03.1. The file contrib/opvp/gdevopvp.c allows for arbitrary code execution through a custom Driver library, which can be exploited using a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:...
Astra Linux – Vulnerability in Zabbix
A authenticated user can create a link containing reflected JavaScript code for the graphs page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
Astra Linux – Vulnerability in Qemu
A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...
Astra Linux – Vulnerability in Ansible
A template injection vulnerability was identified in Ansible, where the internal templating operations of a user’s controller may remove the “unsafe” designation from template data. This issue could allow an attacker to use a specially crafted file to introduce template injection when supplying...
Astra Linux – Vulnerability in Linux 5.10
A flaw was discovered in the Linux kernel, specifically in the linux/net/netfilter/nftablesapi.c file of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue...
Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src
A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate...
Astra Linux – Vulnerability in Thunderbird, Firefox, NSS
An attacker could create a PKCS 12 certificate bundle in a way that allows arbitrary memory writes through the mishandled Safe Bag attributes of PKCS 12. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been addressed through improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to code execution...
Astra Linux – Vulnerability in Firefox and Thunderbird
A malicious web page could have caused a “use-after-free” error, leading to memory corruption and potentially exploitable crashes. This bug can only be triggered when accessibility is enabled. This vulnerability affects Thunderbird 78.12, Firefox ESR 78.12, and Firefox 90...
Astra Linux – Vulnerability in Ansible
A flaw was identified in the use of insufficiently random values in Ansible. Two random password lookups of the same length result in the generation of the same value as the template caching action for the same file, since no re-evaluation occurs. The greatest risk posed by this vulnerability is...
Astra Linux – Vulnerability in sdl-image1.2
There is an exploitable code execution vulnerability in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating a buffer that is too small. This buffer can then be written beyond its boundaries, leading to a heap overflow a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – The WoW offload is only performed on the primary link. In cases of multi-link connections, the WCN7850 firmware crashes due to the WoW offload being enabled on both the primary and secondary links. This issue can b...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/zswap: The inconsistency that occurred when zswapstorepage failed has been fixed. The commit b7c0ccdfbafd “mm: zswap: support large folios in zswapstore” includes the following changes: It no longer charges any zswap entries...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939netdevstart: fixed a UAF Use-After-Free condition related to rxkref of j1939priv. This issue would trigger a UAF for rxkref of j1939priv as follows: cpu0 cpu1 j1939skBindsocket0, ndev0, … j1939netdevStart...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB Server versions 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., 11.0 through 11.0., and 11.1 through 11.4. crash when using Itemdirectviewref::derivedfieldtransformerforwhere...
Astra Linux – Vulnerability in Linux
A issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, also known as CID-5d069dbe8aaf. The fusedogetattr function calls makebadinode in inappropriate situations, causing a system crash. NOTE: The original fix for this vulnerability was incomplete, and its...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/smc: Fixed NULL pointer dereferencing in smcvlanbytcpsk. Coverity reports a possible NULL dereferencing issue: - In smcvlanbytcpsk: - 6. returnednull: netdevlowergetnext returns NULL checked 29 out of 30 times. - 7...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted Chrome Extension. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...
Astra Linux – Vulnerability in ffmpeg
Buffer overflow vulnerability in FFmpeg 4.2, located in the filteredges function in libavfilter/vfyadif.c, which could allow a remote malicious user to cause a Denial of Service attack...
Astra Linux – Vulnerability in gnutls28
A issue was discovered in GnuTLS before version 3.6.15. A server can cause a NULL pointer dereferencing in a TLS 1.3 client if a norenegotiation alert is sent at an unexpected time, resulting in an invalid second handshake. The crash occurs during the application’s error handling process, where t...
Astra Linux – Vulnerability in Memcached
A buffer overflow vulnerability in the authfile.c memcached 1.6.9 allows attackers to cause a denial of service through a crafted authentication file...
Astra Linux – Vulnerability in Apache2
The Apache HTTP Server protocol handler for the HTTP/2 protocol checks the received request headers against the size limitations configured for the server. These restrictions are also applied to the HTTP/1 protocol. If any violations occur, an HTTP response is sent to the client with a status cod...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15, and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution...