18095 matches found
Astra Linux – Vulnerability in openimageio
A read vulnerability exists in the handling of IPTC data when parsing TIFF images in OpenImageIO v2.3.19.0. A specially crafted TIFF file can cause a read of adjacent heap memory, potentially exposing sensitive process information. An attacker can provide a malicious file to exploit this...
Astra Linux – Vulnerability in golang-golang-x-net
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which can be manipulated by...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac – Check the count value of the channel specification to prevent out-of-bounds reads This patch fixes out-of-bounds reads in brcmfconstructchaninfo and brcmfenablebw402g, which occur when the count value of the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix error handling code in ufxusbprobe The current error handling code in ufxusbprobe contains many inconsistencies. For example, the function ufxfreeusblist is missing, and the destroymodedb label should only...
Astra Linux – Vulnerability in Intel Microcode
Unauthorized error injection in IntelR SGX or IntelR TDX for certain IntelR XeonR processors may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Fixed a possible name leak in tcmloopsetuphbabus. If deviceregister fails in tcmloopsetuphbabus, the name allocated by devsetname needs to be freed. As noted in the comments for deviceregister, it should us...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service DOS vulnerability, for example, an abort due to WINPRASSERT with default compilation flags. When an...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions of FreeRDP are subject to a null pointer dereference that can lead to a crash in the RemoteFX rfx handling. Within the rfxprocessmessagetileset function, the program allocates...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an integer underflow leading to out-of-bounds read operations in the zgfxdecompresssegment function. In the context of CopyMemory, it’s possible to read dat...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions, there is a Global-Buffer-Overflow in the ncrushdecompress function. Feeding crafted input into this function can trigger the overflow, which has only been shown to cause a...
Astra Linux – Vulnerability in Samba
A design flaw was identified in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users with the GETCHANGES permission to access all attributes, including sensitive...
Astra Linux – Vulnerability in edk2
EDK2’s Network Package is vulnerable to a out-of-bounds read vulnerability when processing the Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of confidentiality...
Astra Linux – Vulnerability in edk2
EDK2’s Network Package is vulnerable to a out-of-bounds read vulnerability when processing the IANA or IATA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of confidentiality...
Astra Linux – Vulnerability in edk2
EDK2’s Network Package is vulnerable to a buffer overflow vulnerability due to the long server ID option in DHCPv6 clients. This vulnerability can be exploited by an attacker to gain unauthorized access and may result in a loss of confidentiality, integrity, and/or availability...
Astra Linux - Vulnerability in Golang-1.19
When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as “Authorization” or “Cookie”. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A issue was discovered in the IGB driver’s source code, located in the file drivers/net/ethernet/intel/igb/igbmain.c, prior to version 6.5.3 of the Linux kernel. A buffer size may not be sufficient for frames that are larger than the MTU Maximum Transmission Unit...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was detected within the smsdecodeaddressfield function during the SMS PDU decoding process. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, ...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was triggered within the decodedeliverreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodestatusreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A use-after-free vulnerability exists in the netfilter component of the Linux kernel’s code, specifically the nftables module. This vulnerability can be exploited to achieve local privilege escalation. Due to a race condition between the netlink control plane transaction of the nftables module an...
Astra Linux – Vulnerability in Samba
A vulnerability was discovered in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack components. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one...
Astra Linux – Vulnerability in libstb
It was discovered that Nothings stb 2.28 contains a Null Pointer Dereference issue through the stbiconvertformat function. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted PIC file...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A race condition was detected in the QXL driver within the Linux kernel. The qxlmodedumbcreate function dereferences the qobj returned by the qxlgemobjectcreatewithhandle function. However, the handle is the only entity that holds a reference to qobj. This flaw allows an attacker to guess the val...
Astra Linux – Vulnerability in OpenVSwitch
A flaw was discovered in Open vSwitch, where multiple versions are vulnerable to crafted Geneve packets, which may lead to a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...
Astra Linux – Vulnerability in librabbitmq
A vulnerability was discovered in the C AMQP client library also known as rabbitmq-c for RabbitMQ in versions up to 0.13.0. credentials can only be entered via the command line e.g., for amqp-publish or amqp-consume, and therefore they are visible to local attackers who can list processes along...
Astra Linux – Vulnerability in libvirt
A flaw was discovered in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, leading to a race condition and a denial of service when attempting to lock the same object from another thread. This issue could cause clients connecting to the read-only socket ...
Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src
In Qt versions prior to 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there may be an application crash in QXmlStreamReader due to a crafted XML string, causing a situation where a prefix is greater than a certain length...
Astra Linux – Vulnerability in liblivemedia
In Live555 0.95, there is a buffer overflow due to a large integer in the Content-Length HTTP header. This occurs because the handleRequestBytes function uses a memmove operation without proper bounds...
Astra Linux – Vulnerability in Nasm
A Use After Free vulnerability exists in the newToken function in asm/preproc.c in nasm 2.14.02, allowing attackers to cause a denial of service through crafted nasm commands...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Disallowed timeout for anonymous sets. These parameters have never been used in the user space; hence, they are not allowed...
Astra Linux – Vulnerabilities in Linux, Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Check rcureadlockTraceheld before calling BPF map helpers. These three BPFmaplookup,update,deleteelem helpers are also available for sleepable BPF programs. Therefore, add the corresponding lock assertion for sleepable BP...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driveroverride when rpmsgremove Free driveroverride when rpmsgremove. Otherwise, the following memory leak will occur: Unreferenced object 0xffff0000d55d7080 size 128: comm "kworker/u8:2", pid 56, jiffies...
Astra Linux – Vulnerability in ncurses
A buffer overflow vulnerability exists in the postprocessterminfo function in tinfo/parseentry.c:997 within ncurses 6.1. This vulnerability allows remote attackers to cause a denial of service by using crafted commands...
Astra Linux – Vulnerability in ldns
When ldns version 1.7.1 verifies a zone file, the ldnsrrnewfrmstrinternal function has a heap out-of-bounds read vulnerability. An attacker can leak information from the heap by constructing a zone file payload...
Astra Linux – Vulnerability in curl
An integer overflow vulnerability exists in the tooloperate.c file of curl 7.65.2, which can be exploited by using a large value as the retry delay. NOTE: Many reports indicate that this does not have a direct security impact on the curl user. However, it may in theory cause a denial of service t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: Fixed a race condition when enabling fast-xmit. fast-xmit must only be enabled after the station has been uploaded to the driver. Otherwise, it might pass the yet-to-be-uploaded station through drvtx calls to the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs – fixed an issue of out-of-bounds access due to short inputs. The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes. For tail blocks or inputs that are shorter than 128 bytes, it will fall...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fixed a race condition when skipping swapcache When skipping swapcache for SWPSYNCHRONOUSIO, if two or more threads swap the same entry at the same time, they may obtain different pages A, B. Before one thread T0 finishe...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fixed the issue where memory was disabled if the DVSEC CXL range did not match a CFMWS window. The Linux CXL subsystem is based on the assumption that HPA == SPA. That is, the host physical address HPA of HDM decoder...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoiding deadlock on the delete association path When deleting an association, the shutdown path experiences a deadlock condition because we try to flush the nvmetwq nested structure. This issue can be avoided by delayi...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: ti: edma: Added some null pointer checks to the edmaprobe. The devmkasprintf function returns a pointer to dynamically allocated memory, which may be NULL in case of failure. Ensure that the allocation was successfu...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: Device name buffers passed to the device replace function are properly validated for string termination. This prevents a read out of bounds situation in the getnamekernel function. There is a syzbot report...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ceph: The “use after free” error was caught by KASAN at the line cephbuffergetarg-xattrbuf;. This means that the reference count could not be incremented before the memory was freed. In the same file, in the handlecapgrant...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed MST Null Ptr for RV The change attempts to fix the following error specific to the RV platform: BUG: Kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished. syzkaller reported a warning 0 in inetcskDestroySock, with no repro. WARNONinetsksk-inetnum && !inetcsksk-icskBindHash; However, syzkaller’s log...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: usb: cdns3: fixed memory usage after freeing variables at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ‘privreq’ is actually freed during...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drivers: base: dd: A memory leak has been fixed when using debugfslookup. When calling debugfslookup, the result must also call dput; otherwise, a memory leak will occur over time. To simplify things, simply call...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: Component – A memory leak was fixed in the use of debugfslookup. When calling debugfslookup, the result must also call dput on it; otherwise, a memory leak will occur over time. To simplify things, simply call...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fixed the fout leak in hbm’s runbpfprog. Fixed the issue where fout was opened using fopen, but fclose wasn’t performed afterward. In the affected branch, fout otherwise would go out of scope...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validated the box size for the snooped cursor. Invalid user-space DMA surface copies could potentially cause an overflow when copying data from the surface to the snooped image, leading to crashes. To address this...