18095 matches found
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Blink in Google Chrome prior to version 101.0.4951.41 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially execute a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation of Omnibox in Google Chrome prior to version 99.0.4844.51 allowed an attacker with privileged network access to perform a man-in-the-middle attack through malicious network traffic. Chromium security severity: Low...
Astra Linux – Vulnerability in Firefox
A use-after-free crash could occur on macOS if a Firefox update was applied to a heavily utilized system. This could lead to a exploitable crash. This vulnerability affects Firefox versions earlier than 122...
Astra Linux – Vulnerability in libxml2
Possible cross-site scripting vulnerability in libxml after commit 960f0e2...
Astra Linux – Vulnerability in libcroco
The crtknzrparsecomment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service memory allocation error through a crafted CSS file...
Astra Linux – Vulnerability in Thunderbird
Unexpected data returned from the Safe Browsing API could lead to memory corruption and potentially exploitable crashes. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...
Astra Linux – Vulnerability in PostgresSQL 11
Row security policies ignore changes to user IDs after inline operations. PostgreSQL may allow incorrect policies to be applied in certain cases where role-specific policies are used, and where a given query is planned to be executed under one role and then executed under another role. This...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, as well as macOS Ventura 13.3. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: gfs2: Always check the inode size of inline inodes. Check whether the inode size of inline inodes is within the allowed range when reading inodes from the disk gfs2dinodein. This prevents on-disk corruption. The two checks in...
Astra Linux – Vulnerability in Wireshark
Due to a failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and earlier, under an unusual configuration, is susceptible to a heap-based buffer overflow, and potentially code execution within the context of the process running Wireshark...
Astra Linux – Vulnerability in Thunderbird
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way, Thunderbird repeatedly attempts to process and display the message. This could cause Thunderbird’s user interface to lock up and no longer respond to the user’s actions. An attacker could send a crafted message with this...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - tcp: tcpmakesynack can now be called from process context. - tcprtxsynack can now be called in process context, as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". - tcprtxsynack may call...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: added a null check for devmkmallocarray in fdpncii2creaddeviceproperties. devmkmallocarray may fail, and fwvsccfg may be null, causing an out-of-bounds write in devicepropertyreadu8array later...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ravb: Fixed the use-after-free issue in ravbtxtimeoutwork. The ravbstop function should call cancelworksync. Otherwise, ravbtxtimeoutwork may use the freed private data after ravbremove is called, as follows: CPU0 CPU1...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Proper initialization of the struct pn533outarg structure. The struct pn533outarg, which serves as a temporary context for outurb, is not initialized properly. Its uninitialized ‘phy’ field can be dereferenced in erro...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by an improper input validation vulnerability, which may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: tunnels: Annotations were added for lockless accesses to dev-neededheadroom. IP tunnels can apparently update dev-neededheadroom during their xmit path. This patch addresses issues related to three types of tunnels xmit, ...
Astra Linux – Vulnerability in Ceph
A privilege escalation flaw was discovered in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root through a crash dump, thereby exposing privileged information...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: A memory leak was fixed when rechecking the data. The memory allocated for the “checksums” pointer will be leaked if the data is rechecked after a checksum failure because the associated kfree operation will not occ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed a NULL pointer derefrence in f2fssubmitpagewrite BUG: NULL pointer derefrence in the kernel; address: 0000000000000014 RIP: 0010:f2fssubmitpagewrite+0x6cf/0x780 f2fs Call Trace: ? show regs+0x6e/0x80 ? die+0x29/0x70 ?...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed a panic that occurred when nfs4fflayoutprepareds failed. We have observed the following panics in production: BUG: NULL pointer dereferencing in the kernel, address: 0000000000000065 PGD: 2f485f067; P4D: 2f485f067;...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: hns3: Fix for kernel crash when 1588 messages are received on HIP08 devices HIP08 devices do not register as ptp devices. As a result, hdev-ptp is NULL. However, the hardware can receive 1588 messages and set the HNS3RXDTSVL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fixed the use-after-free issue related to the DRM bridge. A recent DRM implementation that claimed to simplify support for “transparent bridges” and handling probe deferments ironically exposed a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create the debugfs ttmresourcemanager entry only if needed The driver creates /sys/kernel/debug/dri/0/mobttm even when the corresponding ttmresourcemanager is not allocated. This leads to a crash when trying to read...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fixed a NULL pointer dereferencing issue when getting the power limit. Since the initialization of powerplaytable is skipped under the sriov case, we check and set default lower and upper OD values if powerplaytabl...
Astra Linux – Vulnerability in libstb
It was discovered that STB v2.27 contains an integer shift of invalid size in the component stbijpegdecodeblockprogac...
Astra Linux – Vulnerability in the 389-DS-base
A flaw was discovered in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can access a NULL pointer dereferencing using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is associated with an incomple...
Astra Linux – Vulnerability in Linux 5.15
A buffer overflow vulnerability was discovered in the Linux kernel’s Intel iSMT SMBus host controller driver, particularly in its handling of the I2CSMBUSBLOCKPROCCALL case using the ioctl I2CSMBUS function. This flaw could allow a local user to cause the system to crash...
Astra Linux – Vulnerability in ffmpeg
A issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks a check on the return value of avmalloc. This leads to a null pointer dereferencing, which affects functionality...
Astra Linux – Vulnerability in Intel Microcode
Incorrect default permissions in some memory controller configurations for certain IntelR XeonR processors when using IntelR Software Guard Extensions may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerability in Linux 5.15
The rpmsgprobe function in the drivers/rpmsg/virtiorpmsgbus.c file in the Linux kernel, prior to version 5.18.4, contains a double-free issue...
Astra Linux – Vulnerability in libsdl1.2
It was discovered that SDL v1.2 contains a use-after-free issue due to the XFree function in the file /src/video/x11/SDLx11yuv.c...
Astra Linux – Vulnerability in Linux 5.15
A vulnerability, classified as problematic, has been identified in the Linux kernel. This issue affects the functions unixsockdestructor/unixreleasesock in the file net/unix/afunix.c of the BPF component. The manipulation leading to this issue results in a memory leak. It is recommended that a...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
A vulnerability, classified as problematic, was discovered in the Linux kernel. This vulnerability affects the tcpgetsockopt/tcpsetsockopt functions of the TCP Handler component. Manipulation of these functions can lead to a race condition. It is recommended that a patch be applied to address thi...
Astra Linux – Vulnerability in Linux, Linux 5.15
A vulnerability has been identified in the Linux kernel and is classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of the IPv6 Handler component. The vulnerability causes a race condition. It is recommended that a patch be applied to address this issue...
Astra Linux – Vulnerability in xorg-server
A vulnerability was discovered in X.Org. This issue arises due to a dangling pointer in DeepCopyPointerClasses, which can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read from and write to freed memory. This can lead to local privilege escalation on systems where the X server...
Astra Linux – Vulnerability in PHP 7.3
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hashes end up in the password database, it may allow an application to accept any password for that entry as valid...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In bindervmaclose of binder.c, there is a potential exploit after the free function call due to improper locking. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for this exploitation. Product: Android...
Astra Linux – Vulnerability in sudo
In Sudo before 1.9.12p2, the sudoedit also known as -e feature improperly handles additional arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process. This can lead to...
Astra Linux – Vulnerability in Git
Git is a revision control system. By using a specially crafted repository, Git versions prior to 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 could be tricked into using its local clone optimization, even when using a non-local transport. Although Git will...
Astra Linux – Vulnerability in WebKit2GTK
A type confusion issue has been addressed through improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that...
Astra Linux – Vulnerability in imagemagick
In ImageMagick, there is a value of the type 'unsigned int' that is outside the representable range in MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0...
Astra Linux – Vulnerability in imagemagick
In ImageMagick versions before 7.0.9-0, there are values that are outside the representable range for the 'float' type, located in MagickCore/quantize.c...
Astra Linux – Vulnerability in imagemagick
Due to a missing check for the 0 value of replaceextent, it is possible for the offset p to overflow in SubstituteString, potentially affecting application availability. This issue can be triggered by an input file crafted with ImageMagick. The flaw affects ImageMagick versions prior to 7.0.8-68...
Astra Linux – Vulnerability in libstb
Buffer overflow vulnerability in the function stbiextendreceive in stbimage.h in stb 2.26, caused by a crafted JPEG file...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick versions prior to 7.0.11. In versions before 7.0.11, a division by zero in the sRGBTransformImage function within MagickCore/colorspace.c could lead to undefined behavior when processing a malicious image file submitted by an attacker through an application th...
Astra Linux – Vulnerability in Linux 5.15, Linux
Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access...