18095 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A use-after-free vulnerability was discovered in the siano smsusb module within the Linux kernel. The bug occurs during device initialization, when the siano device is plugged in. This flaw allows a local user to crash the system, resulting in a denial-of-service condition...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ca8210: Fix for negative array access to maclen This patch addresses a buffer overflow issue where skb-data is accessed if ieee802154hdrpeekaddrs fails...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmcrypt: added condresched to dmcryptwrite. The loop in dmcryptwrite may run for an unlimited amount of time; therefore, condresched is needed in it. This commit fixes the following warnings: 3391.153255 C12 watchdog: BUG: sof...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fixed the kernel data leak caused by ioctl calls. It is possible to view the data of kernel pages by providing a larger insize value in struct croseccommand1 when invoking EC host commands. This...
Astra Linux – Vulnerability in netcdf
The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write attacks when opening an XML file after exhausting the memory pool...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof the browser UI through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in imagemagick
A issue was discovered with ImageMagick 7.1.0-4, involving division by zero in the ReadEnhMetaFile function of coders/emf.c...
Astra Linux – Vulnerability in Chromium
Object corruption in Blink in Google Chrome prior to version 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, using "Use after free" in DevTools in Google Chrome allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code through a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of after-free in Blink in Google Chrome before version 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in openjpeg2
A flaw was discovered in the opj2decompress program within openjpeg2 2.4.0, particularly in its handling of an input directory containing a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, resulting...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in the Xorg-x11-server. A out-of-bounds access issue may occur in the ProcXkbSetGeometry function due to improper validation of the request length...
Astra Linux – Vulnerability in libraw
A flaw was discovered in LibRaw. A heap-buffer-overflow in the raw2imageex function, caused by a maliciously crafted file, may lead to an application crash...
Astra Linux – Vulnerability in avahi
A vulnerability was discovered in the avahi library. This flaw allows a non-privileged user to make a dbus call, causing the avahi daemon to crash...
Astra Linux – Vulnerability in Firefox
Under certain circumstances, calling the bind function might result in an incorrect realm being set. This could create a vulnerability related to JavaScript-implemented sandboxes, such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, and 8.2. before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failures. It used a narrower range of values than necessary. In the event of a random value generator failure, it could lead to...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 111. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Andro...
Astra Linux – Vulnerability in TeXeVe-bin
LuaTeX prior to version 1.17.0 allowed the execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because the luatex-core.lua file allows access to the io.popen function. This issue also affects TeX Live prior to version 2023 r66984 and MiKT...
Astra Linux – Vulnerability in Wireshark
In Wireshark versions 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13, the VMS TCPIP trace file parser crashes. This issue allows for denial of service through malicious capture files...
Astra Linux – Vulnerability in Wireshark
The NetScaler file parser crashes in Wireshark versions 4.0.0 to 4.0.5, and 3.6.0 to 3.6.13. This issue allows for denial of service through crafted capture files...
Astra Linux – Vulnerability in Wireshark
The GDSDB infinite loop in Wireshark versions 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in connman
The client.c file in gdhcp within ConnMan, as of version 1.41, can be exploited by network-adjacent attackers who operate a crafted DHCP server. This exploitation can lead to a stack-based buffer overflow and a denial of service attack, resulting in the termination of the connman process...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A flaw was discovered in the exFAT driver of the Linux kernel. The vulnerability resides in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the PrintPreview function in Google Chrome prior to version 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
The use of after-free in Media in Google Chrome before version 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in URL formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Before version 99.0.4844.51, using Accessibility in Google Chrome allowed a remote attacker who convinced a user to perform certain UI gestures to execute arbitrary read/write operations through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in hsqldb1.8.0, hsqldb
A flaw was discovered in the Libreoffice package. An attacker can create an odb file that contains a “database/script” file with a SCRIPT command. The contents of this file can then be written into a new file, whose location is determined by the attacker...
Astra Linux – Vulnerability in Firefox
Under certain circumstances, the offline cache of a ServiceWorker may have been leaked to the file system when using private browsing mode. This vulnerability affects Firefox versions earlier than 111...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: schtaprio: fixed possible use-after-free issue. syzbot reported a serious crash 1 in nettxaction, which made no sense until we obtained a reproducible example. This example reinstalls the taprio qdisc, but an invali...
Astra Linux – Vulnerability in Linux 5.15
A use-after-free flaw was discovered in the Linux kernel. When a disk is removed, the bdiunregister function is called to stop further write-back operations, and the system waits for the associated delayed tasks to complete. However, the wb inodewritebackend function may schedule bandwidth...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A memory leak issue was discovered in the ctnetlinkcreateconntrack function within net/netfilter/nfconntracknetlink.c in the Linux kernel. This issue may allow a local attacker with CAPNETADMIN privileges to trigger a Denial-of-Service DoS attack due to a refcount overflow...
Astra Linux – Vulnerability in SQLite
The osunix.c file in SQLite before version 3.13.0 improperly implements the temporary directory search algorithm. This may allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impacts by leveraging the current working directory...
Astra Linux – Vulnerability in protobuf
A parsing issue similar to CVE-2022-3171 occurs when using textformat in the protobuf-java core and Lite versions before versions 3.21.7, 3.20.3, 3.19.6, and 3.16.3. This issue can lead to a denial-of-service attack. Inputs containing multiple instances of non-repeating embedded messages with...
Astra Linux – Vulnerability in Jackson-Databind
A deserialization flaw was discovered in Jackson-Databind through version 2.9.10.4. This flaw could allow unauthenticated users to execute code via Ignite-JTA or Quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...
Astra Linux – Vulnerability in glibc
A out-of-bounds write vulnerability was discovered in glibc before version 2.31, when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick’s coders/jp2.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system availability...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of after-free in Base Internals in Google Chrome before version 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Wireshark
ISO 15765 and ISO 10681 dissectors in Wireshark versions 4.0.0 to 4.0.3, and 3.6.0 to 3.6.11 allow denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: A race condition has been fixed, where eprobes can be called before the event occurs. The flag that instructs the event to call its triggers after reading the event is set for eprobes after they are enabled. This leads t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfs: Fixed missing xasretry calls during xarray iteration. netfslib has several places where it performs iteration of an xarray while being under the RCU read lock. It should call xasretry as the first step inside the loop. ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: Do not count unused/invalid keys for flow release. We are currently encountering the WARNON message in mctpi2cflowrelease: c if midev-releasecount midev-i2clockcount WARNONCE1, "Release count overflow"; This issue may...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: The flag SBRDONLY is no longer set during the f2fshandlecriticalerror function. The syzbot reported the following bug: ------------ Cut here ------------ WARNING: CPU: 1, PID: 58, in kernel/rcu/sync.c:177, function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed an overflow issue with sdiv. Zac Ecob reported a problem where a bpf program might cause a kernel crash due to the following error: Oops: Divide error: 0000 1 PREEMPT SMP KASAN PTI The failure is caused by the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: KVM: arm64: Fixed a shift-out-of-bounds bug Fixed a shift-out-of-bounds bug reported by UBSAN when running VMs with MTE enabled on host kernels. UBSAN: Shift-out-of-bounds in arch/arm64/kvm/sys regs.c:1988:14 The shift exponen...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/core: Page allocation is disabled in tasktickmmcid. With KASAN and PREEMPTRT enabled, calling taskworkadd within tasktickmmcid may cause the following crash. 63.696416 BUG: A sleeping function is called from an invalid...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fixed a potential memory leak in bcmaspxmit. The bcmaspxmit function returns NETDEVTXOK without freeing the skb object in case of mapping failures. Add devkfreeskb to address this issue...