18095 matches found
Astra Linux – Vulnerability in imagemagick
A vulnerability was discovered in ImageMagick-7.0.11-5, where executing a specially crafted file using the “convert” command allows ASAN to detect memory leaks...
Astra Linux – Vulnerability in Thunderbird
An outdated graphics library Angle likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird 78.9 and Firefox ESR 78.9...
Astra Linux – Vulnerability in Chromium
Before version 81.0.4044.92, using the "After Free" feature in Google Chrome allowed a remote attacker to execute arbitrary code through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
A phishing website could have re-used an about: dialog box to display phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox 122 and Thunderbird 115.7...
Astra Linux – Vulnerability in Parsec
The vulnerability of the macid utility in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Staging: greybus: audiohelper: Remove unused and incorrect usage of debugfs. In the greybus audiohelper code, the debugfs file related to dapm has the potential to be removed, and memory may be leaked. There is also a high...
Astra Linux – Vulnerability in libcaca
A flaw was discovered in libcaca v0.99.beta19. A buffer overflow issue in the cacaresize function in libcaca/caca/canvas.c may allow for the execution of arbitrary code in the user context...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Debug: Fixed a potential buffer overflow caused by snprintf. The snprintf function returns the size of the string that would be filled if it exceeds the given buffer size. Therefore, using this value may lead to a buff...
Astra Linux – Vulnerability in Linux, Linux 5.10
A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was discovered in the way that the system maps some regions of memory twice using shmget. These mappings are aligned according to PUD alignment, resulting in some memory pages being misaligned. A local user could exploit this flaw to...
Astra Linux – Vulnerability in node-ansi-regex
ansi-regex is vulnerable to inefficient regular expression complexity...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 3.11 through 5.10.16, as used by Xen. When serving requests to the PV backend, the driver maps grant references provided by the frontend. During this process, errors may occur. In one case, an error encountered earlier might be discarded by late...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass the same-origin policy and proxy settings through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Samba
A out-of-bounds read vulnerability was discovered in Samba due to insufficient length checks in the winbinddpamauthcrap.c file. When performing NTLM authentication, the client sends cryptographic challenges back to the server. These responses have varying lengths, and Winbind fails to check the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: spi-rockchip: Fixed out-of-bounds access to registers. Do not write code related to native chip selection for GPIO chip selections. GPIOs can be numbered much higher than native CS. Moreover, this approach doesn’t make any sen...
Astra Linux – Vulnerability in Linux
In the Linux kernel up to version 5.8.7, local attackers who were able to inject conntrack netlink configurations could exploit an overflow in a local buffer, resulting in crashes or triggering the use of incorrect protocol numbers in ctnetlinkparsetuplefilter in net/netfilter/nfconntracknetlink....
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using "After Free" in the Accessibility settings of Google Chrome allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through those interactions...
Astra Linux – Vulnerability in dpdk
NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly. This vulnerability can allow a remote attacker to cause denial of service, as well as affect data integrity and confidentiality...
Astra Linux – Vulnerability in Ruby 2.5
In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...
Astra Linux – Vulnerability in Chromium
Before version 104.0.5112.79, using "After Free" in Safe Browsing in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, using free after in the Ozone browser extension in Google Chrome allowed a remote attacker to potentially exploit heap corruption by running a Wayland test...
Astra Linux – Vulnerability in Systemd
The basic/unit-name.c file in systemd, prior to versions 246.15, 247.8, 248.5, and 249.1, contains a memory allocation with an excessive size value. This issue involves functions strdupa and alloca, where a pathname is controlled by a local attacker, leading to a system crash...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Do not perform the PV iret hypercall through the hypercall page. Instead of jumping to the Xen hypercall page to execute the iret hypercall, the required sequence is directly coded in the xen-asm.S file. This action is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: xen/privcmd: fixed the error exit of privcmdioctldmop The error exit of privcmdioctldmop calls unlockpages, potentially with pages being NULL, leading to a NULL dereference. Additionally, lockpages does not check whether...
Astra Linux – Vulnerability in Firefox and Thunderbird
When a ServiceWorker intercepted a request using FetchEvent, the origin of the request was lost after the ServiceWorker took control of it. This caused the SameSite cookie protections to be negated. This issue was addressed in the specifications, and later in browsers. This vulnerability affects...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...
Astra Linux – Vulnerability in unzip
A flaw was discovered in unzip. The vulnerability arises from improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to submit a specially crafted zip file, resulting in a crash or code execution...
Astra Linux – Vulnerability in imagemagick
In GammaImage of /MagickCore/enhance.c, depending on the gamma value, it is possible for a divide-by-zero condition to occur when a specially crafted input file is processed by ImageMagick. This could affect the availability of the application. The patch uses PerceptibleReciprocal to prevent such...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: a out-of-bounds error in initsmb2rsphdr has been fixed. If a client sends a SMB2 negotiate request and then a SMB1 negotiate request, initsmb2rsphdr is called for the SMB1 negotiate request, since needneg is set to false...
Astra Linux – Vulnerability in Firefox
The documents incorrectly assumed a certain order of principal objects when determining whether we were loading an appropriately privileged principal. In certain circumstances, it might have been possible for a document to be loaded with a more privileged principal than intended. This vulnerabili...
Astra Linux – Vulnerability in vlc
VLC Media Player 3.0.20 and earlier are vulnerable to denial of service due to an integer overflow. This vulnerability can be exploited by a maliciously crafted MMS stream heap-based overflow. If successful, a malicious third party can cause the VLC player to crash or execute arbitrary code with...
Astra Linux – Vulnerability in Intel Microcode
Access to certain resources under complex microarchitectural conditions in the memory subsystem of some Intel AtomR processors may allow authenticated users to potentially disclose information or cause a denial of service through network access...
Astra Linux – Vulnerability in libsoup2.4
A use-after-free vulnerability was discovered in libsoup, within the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the KVM’s AMD code, which handles SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the “virtext” field, this issue could all...
Astra Linux – Vulnerability in Linux
The mwifiexcmd80211adhocstart function in the drivers/net/wireless/marvell/mwifiex/join.c file within the Linux kernel, as of version 5.10.4, may allow remote attackers to execute arbitrary code by using a long SSID value, also known as CID-5c455c5ab332...
Astra Linux – Vulnerability in Chromium
“Type Confusion in V8 in Google Chrome” before version 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox
A file dialog box displayed in full-screen mode might have caused the window to remain disabled. This vulnerability affects Firefox versions earlier than 126...
Astra Linux – Vulnerability in Firefox
A stop condition for the iterator was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. This vulnerability affects Firefox versions less than 12...
Astra Linux – Vulnerability in Firefox
When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...
Astra Linux – Vulnerability in Firefox
Multiple WebRTC threads may have claimed a newly connected audio input, resulting in a use-after-free vulnerability. This vulnerability affects Firefox versions less than 126...
Astra Linux – Vulnerability in Firefox and Thunderbird
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution within the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux – Vulnerability in Firefox and Thunderbird
In some code patterns, JIT incorrectly optimized switch statements and generated code that contained vulnerabilities related to out-of-bounds reads. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
Astra Linux – Vulnerability in Firefox and Thunderbird
A type checking bug could have resulted in invalid code being compiled. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 125. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 126...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox...
Astra Linux – Vulnerability in Firefox
A HTTP digest authentication nonce value was generated using rand, which may result in predictable values. This vulnerability affects Firefox versions less than 126...
Astra Linux – Vulnerability in Firefox
The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox versions less than 126...
Astra Linux – Vulnerability in Firefox and Thunderbird
When saving a page as a PDF, certain font styles might lead to a potential “use-after-free” crash. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux – Vulnerability in Firefox and Thunderbird
When importing resources using Web Workers, error messages would differentiate between application/javascript responses and non-script responses. This could have been exploited to obtain information across origins. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux – Vulnerability in Firefox and Thunderbird
A bug in the interaction of popup notifications with WebAuthn makes it easier for attackers to trick users into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...