18095 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
Using tables within an iframe, an attacker could cause the iframe contents to be rendered outside the boundaries of the iframe, leading to potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A issue was discovered in the Linux kernel before version 6.0.11. A missing offset validation in the driver/net/wireless/microchip/wilc1000/hif.c file within the WILC1000 wireless driver can lead to an out-of-bounds read during the parsing of a Robust Security Network RSN information element from...
Astra Linux – Vulnerability in Linux 5.15
A bug affects the ksmbd NTLMv2 authentication of the Linux kernel, and it is known to cause the operating system to crash immediately in Linux-based systems...
Astra Linux – Vulnerability in gnutls28
A timing side-channel vulnerability in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be used to recover the key encrypted in the RSA ciphertext across a network, in a Bleichenbacher-style attack. To successfully decrypt the data, the attacker would...
Astra Linux – Vulnerability in xrdp
xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contains an out-of-bound read vulnerability in the xrdpcapsprocessconfirm-active function. There are no known workarounds for this issue. Users are advis...
Astra Linux – Vulnerability in Vim
Use After Free in the GitHub repository vim/vim before version 9.0.0322...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and client. Versions of FreeRDP that are affected may attempt integer additions on too narrow types, resulting in the allocation of a buffer that is too small to hold the written data. A malicious server can trick a FreeRDP-based client into readi...
Astra Linux – Vulnerability in Netty
The Netty project is an event-driven, asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError could occur when parsing a malformed message due to infinite recursion. This issue has been fixed in version 4.1.86.Final. There is no workaround available,...
Astra Linux – Vulnerability in Inkscape
Inkscape 0.91 is vulnerable to a out-of-bounds read, which may allow an attacker to access unauthorized information...
Astra Linux – Vulnerability in Qemu
A use-after-free vulnerability was discovered in the LSI53C895A SCSI Host Bus Adapter emulation in QEMU. The flaw occurs during the processing of repeated messages to cancel the current SCSI request using the lsidomsgout function. This flaw allows a malicious privileged user within the guest to...
Astra Linux – Vulnerability in Tiff
A stack buffer overflow vulnerability was discovered in the tiffcp.c file of Libtiffs, within the main function. This vulnerability allows an attacker to submit a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue. This may result in memory corruption and cause a syste...
Astra Linux – Vulnerability in Tiff
The "Divide By Zero" error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, the fix is available in the commit f3a5e010...
Astra Linux – Vulnerability in TIF format
The "Divide By Zero" error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, the fix is available in the commit f3a5e010...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A out-of-bounds memory access vulnerability was discovered in the vmwgfx driver, located in the vmxgfx/vmxgfxkms.c file within the GPU component of the Linux kernel. The vulnerability affects device files such as '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker with a user account...
Astra Linux – Vulnerability in Ruby-Rack
A denial-of-service vulnerability exists in the Range header parsing component of Rack, version 1.5.0 and later. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpectedly long time, potentially leading to a denial-of-service attack. Any applications th...
Astra Linux – Vulnerability in Ruby-Rack
There is a denial-of-service vulnerability in the Content-Disposition parsing component of Rack, which was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow an attacker to create an input that causes the Content-Disposition header parsing in Rack to take an...
Astra Linux – Vulnerability in exuberant-ctags
A flaw was discovered in Exuberant Ctags regarding its handling of the "-o" option. This option specifies the tag filename. A specially crafted tag filename, specified either in the command line or in the configuration file, can lead to arbitrary command execution. This occurs because the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: A double-free operation in siparsepowertable has been fixed. In the function siparsepowertable, the array adev-pm.dpm.ps and its members are allocated. If the allocation of each member fails, the array itself is freed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: exfat: Check if the cluster number is valid. Syzbot reported a slab-out-of-bounds read in exfatclearbitmap. This issue was triggered when the reproducer called truncute with a size of 0. The relevant error message is: BUG:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The netlink notifier might race to release objects. The commit release path is invoked via callrcu, and it runs without locking to release the objects after the rcu grace period. The netlink notifier handler...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/hns: Fixed a NULL pointer issue in freemrinit. A lock grab occurs in a concurrent scenario, resulting in dereferencing a NULL pointer. This issue should be addressed by using initmutexinit before acquiring a lock. Unable ...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRVCTLIOCTLELEMREAD|WRITE32 function lacks locks that could be exploited in a use-after-free situation, potentially leading to an escalation of privileges to gain ring0 access from the system user. We...
Astra Linux – Vulnerability in Linux 5.10
A race condition was detected in the fs/proc/taskmmu.c file, which is part of the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privileges to cause a denial of service...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rtc: gamecube: Fixed a refcount leak in gamecubertcreadoffsetfromsram. The offindcompatiblenode function returns a node pointer whose refcount is incremented. We should use ofnodeput on it after processing. Also, add the missing...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Do not report a bug if someone dirty pages without first consulting ext4. The unpinuserpagesremote function dirty pages without properly warning the file system in advance. Jan Kara noted this race condition in 20181...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fixed the error handling code for allocrange. A few users have reported display corruption when booting the machine into KDE Plasma or playing games. We have identified a problem where, whenever allocrange failed to fi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/dp: Fixed a divide-by-zero regression that occurred when unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub using nouveau. Fixed a regression that occurs when using nouveau and unplugging a StarTech MSTDP122DP...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to pagepoolgetstats Calling pagepoolgetstats in the mvneta driver without proper checks leads to kernel crashes. Firstly, the page pool is only available if the bm is not being used. The page pool is also n...
Astra Linux – Vulnerability in Intel Microcode
Improper isolation of shared resources in some IntelR processors when using IntelR Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A flaw in the Linux kernel was discovered in the i740 driver. The userspace program can pass any value to the driver through the ioctl interface. The driver does not check the value of ‘pixclock’, which may lead to a division by zero error...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A flaw was discovered in the Linux kernel. A denial-of-service attack may occur if a consecutive request for NVMEIOCTLRESET and NVMEIOCTLSUBSYSRESET is made through the device file of the driver, resulting in a disconnection of the PCIe link...
Astra Linux – Vulnerability in Linux 5.15
The function rpmsgvirtioaddctrldev in the file drivers/rpmsg/virtiorpmsgbus.c in the Linux kernel, prior to version 5.18.4, contains a double-free...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability has been discovered in the Linux kernel and is classified as problematic. This vulnerability affects the function kcmtxwork in the file net/kcm/kcmsock.c of the kcm component. The vulnerability causes a race condition. It is recommended that a patch be applied to address this issu...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – added parameter checks for RSA. Requests with a source buffer size greater than the size of the key are rejected. This prevents potential integer underflow issues that might occur when copying the source scatterlist...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Net: DSA: Microchip: Kszcommon: Fixed the refcount leak bug. In kszswitchregister, we should call ofnodeput for the reference returned by ofgetchildbyname, which has increased the refcount...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to perform a sanity check on the inlinedots inode. As Wenqing reported in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215765 This issue causes a kernel panic when performing the following actions: -...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys – cancels delayed work only in case of GPIO. The gpiokeys module can accept gpios or interrupts. The module initializes delayed work only in case of gpios and is only used if the debounce timer is not used...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: List: Fixed a data race around ep-rdllist. The eppoll function first calls epeventsavailable without holding a lock and checks if ep-rdllist is empty using listemptycareful, which reads from rdllist-prev. Therefore, all access...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Module: Fix eshstrndx.shsize=0 OOB access It is trivial to create a module that triggers OOB access with the following code: if info-secstringsstrhdr-shsize – 1 != '\0' Bug: Unable to handle page faults for the address:...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btmtksdio: fixed a use-after-free in btmtksdiorecvevent We should no longer access the skb buffer data after the hcirecvframe function is called. 39.634809 BUG: KASAN: use-after-free in btmtksdiorecvevent+0x1b0...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Media: i2c: max9286 – Fix for kernel oops when removing the module When removing the max9286 module, a kernel oops occurs: Unable to handle kernel paging request at virtual address 000000aa00000094 Mem abort info: ESR =...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Using the kobject release method to free dbsdata The struct dbsdata contains a struct govattrset, and the struct govattrset contains a kobject. Since every kobject must have a release method, and we cannot...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed the deadlock issue in the SCSI I/O completion and abort handling routines. During stress I/O tests with 500+ vports, hard lockup calls were observed. CPU A: - nativequeuedspinlockslowpath+0x192 -...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – added parameter checks for DH. Requests with a source buffer that is larger than the size of the key are being rejected. This is to prevent a possible integer underflow that might occur when copying the source...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fixed data races related to sysctlfibmultipathhashpolicy. When reading sysctlfibmultipathhashpolicy, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
A use-after-free vulnerability was discovered in the nfs42sscopen function in the fs/nfs/nfs4file.c file within the Linux kernel. This flaw allows an attacker to perform remote denial-of-service attacks...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Mojo IPC in Google Chrome before version 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 108.0.5359.124, using Blink Frames in Google Chrome allowed a remote attacker who convinced the user to engage in certain UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.15
A flaw in the NULL Pointer Dereference mechanism within the Linux kernel’s NTFS3 driver function attrpunchhole was identified. A local user could exploit this flaw to crash the system...