18095 matches found
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted Chrome Extension. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...
Astra Linux – Vulnerability in ffmpeg
Buffer overflow vulnerability in FFmpeg 4.2, located in the filteredges function in libavfilter/vfyadif.c, which could allow a remote malicious user to cause a Denial of Service attack...
Astra Linux – Vulnerability in Chromium
Before version 97.0.4692.71, using Free after PDF accessibility in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: The release path is checked before inode lookup during the ino lookup ioctl operation. During the ino lookup ioctl operation, we may call btrfsiget to obtain an inode reference while we are holding onto the root’s btree...
Astra Linux – Vulnerability in Mariadb 10.3
A issue in the component mydecimal::operator= of MariaDB Server v10.6.3 and below was discovered. This issue allows attackers to cause a Denial of Service DoS attack through specially crafted SQL statements...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iouring: A check was added to prevent dereferencing of a NULL pointer when using the forced async preparation path, especially if no file has been assigned. The sequence of events leading to this issue is as follows: BUG:...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6nhinit syzbot reminds us that in6devget can return NULL. fib6nhinit ip6validategw &idev ip6routechecknh idev idev = in6devgetdev; // can be NULL Oops: general protection fault, probably fo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: tipc: fixed a NULL dereference in cleanupbearer syzbot found that after a blamed commit, ub-ubsock-sk was NULL when attempting atomicdec: atomicdec&tipcnetsocknetub-ubsock-sk-wqcount; This issue can be fixed by caching the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A null pointer dereference issue was discovered in the SCTP network protocol within the net/sctp/streamsched.c file in the Linux kernel. If the streamin allocation fails, the streamout resource is freed, allowing further access to it. A local user could exploit this vulnerability to crash the...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...
Astra Linux – Vulnerability in opensc
Heap buffer overflow issues were identified in Opensc before version 0.22.0 in the pkcs15-oberthur.c file, which could potentially cause programs using the library to crash...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in imagemagick
ImageMagick versions before 6.9.11-40 and 7.x before 7.0.10-40 mishandle the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized, allowing additional shell commands to be injected through...
Astra Linux – Vulnerability in pypdf2
PyPDF2 is an open-source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5, an attacker who exploited this vulnerability could create a PDF that would cause an infinite loop if the PyPDF2 code attempted to access the...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...
Astra Linux – Vulnerability in opensc
A vulnerability related to the “return issue” was discovered in Opensc before version 0.22.0. This vulnerability exists in the “insertpin” function, and it could potentially cause programs using the library to crash...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability classified as problematic has been discovered in the Linux kernel. The affected function is j1939sessiondestroy in the file net/can/j1939/transport.c. This manipulation leads to a memory leak. It is recommended that a patch be applied to fix this issue. The identifier of this...
Astra Linux – Vulnerability in Linux 5.15
A vulnerability has been identified in the Linux kernel and is classified as problematic. This vulnerability affects the function l2caprecvacldata in the file net/bluetooth/l2capcore.c of the Bluetooth component. The vulnerability causes a memory leak. It is recommended that a patch be applied to...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QEMU-built-in VNC server during the processing of ClientCutText messages. A incorrect exit condition may lead to an infinite loop when inflating a zlib buffer controlled by an attacker in the inflatebuffer function. This could allow a remotely authenticated client, wh...
Astra Linux – Vulnerability in Firefox and Thunderbird
An attacker could have triggered a “use-after-free” condition when creating a WebRTC connection via HTTPS. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A use-after-free flaw was identified due to a race between the superblock operations in the gadgetfs Linux driver. This flaw could be triggered by removing a device that is running the gadgetfs side...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A memory leak flaw was discovered in the Linux kernel’s Stream Control Transmission Protocol. This issue may occur when a user initiates a malicious networking service, and someone connects to this service. This could allow a local user to deplete resources, resulting in a denial of service...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
A race condition was detected in the Bluetooth device driver of the Linux kernel’s min,maxkeysizeset function. This can lead to a null pointer dereferencing issue, potentially causing a kernel panic or a denial-of-service attack...
Astra Linux – Vulnerability in p7zip
7-Zip SquashFS File Parsing: Out-of-Bounds Write Vulnerability Leading to Remote Code Execution. This vulnerability allows remote attackers to execute arbitrary code on affected 7-Zip installations. User interaction is required to exploit this vulnerability, as the target must visit a malicious...
Astra Linux – Vulnerability in opensc
A heap usage issue after a free operation was detected in Opensc before version 0.22.0 in scfilevalid...
Astra Linux – Vulnerability in Linux
A flaw involving double-free memory corruption in the Linux kernel’s HCI device initialization subsystem was discovered. This flaw allows a malicious HCI TTY Bluetooth device to be attached to the system. A local user could exploit this flaw to crash the system. This flaw affects all Linux kernel...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...
Astra Linux – Vulnerability in Firefox
When styling and rendering an oversized element, Firefox did not apply correct clipping, allowing an attacker to paint over the user interface. This vulnerability affects Firefox versions prior to 89...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fixed a NULL dereference in ath11kqmim3load. If ab-fw.m3data points to data, then the fw pointer remains null. Further, if m3mem is not allocated, then fw is dereferenced and passed to the ath11kerr function. Replac...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thawnoirq hook. The following warning is observed when using non-console UART instances during system hibernation: 37.371969 ------------ Cut here --- 37.376599 uart3rootclk already disabled 37.38081...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: fix ref leak when switching zones When switching zones or network namespaces without performing a ct clear between them, a reference to the old ct entry is still leaked. This occurs because tcfctskbnfctcached...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttproxy: restrict to prerouting hook TPROXY is only allowed during prerouting, but nfttproxy does not check this. This fix resolves a crash null dereference that occurs when using tproxy from, for example, the output...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf, cgroup: Fixed a kernel bug in purgeeffectiveprogs Syzkaller reported a triggered kernel bug as follows: ------------ Cut here ----------- Kernel bug at kernel/bpf/cgroup.c:925! Invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: EFI: Fixed NULL dereference in the init error path. In cases where runtime services are not supported or have been disabled, the runtime services’ workqueue will never be allocated. Do not attempt to destroy the workqueue...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A vulnerability was discovered in vhostnewmsg in drivers/vhost/vhost.c within the Linux kernel. This issue arises due to the improper initialization of memory in messages transmitted between virtual guests and the host operating system, as implemented in the vhostnewmsg function. This vulnerabili...
Astra Linux – Vulnerability in Linux
In the rbd block device driver located in drivers/block/rbd.c within the Linux kernel, up to version 5.8.9, incomplete permission checks were used for accessing rbd devices. This could have been exploited by local attackers to map or unmap rbd block devices, specifically the CID-f44d04e696fe devi...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The flow rule object is released from the commit path. There is no need to delay this process until the commit release path, as no packets traverse this object at all. This object is only accessed from the...
Astra Linux – Vulnerability in Chromium
The use of after-free in ANGLE in Google Chrome before version 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel, as access to the global variable fgconsole is not properly synchronized, resulting in a use after free in confontop...
Astra Linux – Vulnerability in SOX
In SoX 14.4.2, there is a floating-point exception in lsxaiffstartwrite in the aiff.c file of libsox.a...
Astra Linux – Vulnerability in Linux
A buffer overflow attack in fbcon in the Linux kernel before version 5.9.7 could be exploited by local attackers to read privileged information or potentially cause the kernel to crash. This issue is identified as CID-3c4e0dff2095. This vulnerability arises because the KDFONTOPCOPY function in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpib: A use-after-free occurred in the IO ioctl handlers. The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after the board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: usb: cdnsp: Fixed a deadlock issue in cdnspthreadirqhandler. The patch fixes the following critical issue caused by deadlock, which was detected during testing of the NCM class: - smp: csd: A non-responsive CSD lock 1 was...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, various XML functions rely on the libxml global state to track configuration variables, such as whether external entities are loaded. This state is assumed to remain unchanged unless the user explicitly changes it by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the leak in the waitfence submitqueue operation. We were not releasing the reference to submitqueue in all paths. In particular, this was not done when the fence had already been signaled. We have created a help...
Astra Linux – Vulnerability in bluez
BlueZ is a Bluetooth protocol stack for Linux. In affected versions, there is a vulnerability in sdpcstateallocbuf, which allocates memory that will always remain locked in the singly linked list of cstates and will not be freed. This will lead to a memory leak over time. The allocated data can b...
Astra Linux – Vulnerability in Qemu
A race condition flaw was discovered in the 9pfs server implementation of QEMU, up to and including version 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The greatest threat posed by this vulnerability is to...