18095 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A out-of-bounds read vulnerability was discovered in smbCalcSize in the fs/smb/client/netmisc.c file within the Linux kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: – In ext4, there’s a issue where the timer used after free is corrupted upon a failed mount. Syzbot has identified an ODEBUG bug in the ext4fillsuper function. The deltimersync function cancels the serrreport timer, which...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability has been discovered in the Linux kernel. It has been identified as a problem. This vulnerability affects the function vsockconnect in the file net/vmwvsock/afvsock.c. Manipulation of this function leads to a memory leak. The complexity of an attack is quite high. Exploitation of...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: SCTP: A potential out-of-bounds exception has been prevented in sctptransportupdaterto. SYZBOOT reported a potential out-of-bounds exception 1. The responsible developer added rtoalphamax and set rtobetamax to 1000. It is...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, using File Manager in Google Chrome allowed a remote attacker to potentially exploit heap corruption through specific and direct user interactions...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, using free after in SwiftShader in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, using "after free" in ANGLE with Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox
A website can prevent a user from exiting full-screen mode through alerts and prompts. This can lead to user confusion and potential spoofing attacks. This vulnerability affects Firefox versions earlier than 115...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
There is a null-pointer-dereference flaw found in f2fswriteendio in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem...
Astra Linux – Vulnerability in Linux 5.10
A flaw was discovered in the Linux kernel. A null pointer dereference in the bondipsecaddsa function may lead to a local denial of service...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the Linux kernel. Measuring the usage of shared memory does not scale well with large counts of shared memory segments, which could lead to resource exhaustion and Denial-of-Service attacks...
Astra Linux – Vulnerability in Linux, Linux 5.10
A memory overflow vulnerability was discovered in the ipc functionality of the memcg subsystem in the Linux kernel. This vulnerability occurs when a user calls the semget function multiple times, thereby creating semaphores. This flaw allows a local user to deplete resources, resulting in a denia...
Astra Linux – Vulnerability in node-marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking in certain cases, leading to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown using a vulnerable version of Marked, without usi...
Astra Linux – Vulnerability in pgpool2
The Pgpool-II provided by PgPool Global Development Group contains a authentication bypass vulnerability as a primary weakness. If this vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when registerdevice fails. If deviceregister fails, it should call putdevice to release the reference. The name allocated by devsetname can be freed in the callback function...
Astra Linux – Vulnerability in Linux
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerability in GhostScript
A divide-by-zero issue was discovered in epsprintpage within gdevepsn.c in Artifex Software GhostScript 9.50. This issue allows remote attackers to cause a denial of service by opening crafted PDF files...
Astra Linux – Vulnerability in Zabbix
JavaScript preprocessing can be exploited by attackers to gain access to the file system read-only access on behalf of the user “zabbix” on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: make the fallback action and decision atomic. Syzkaller reported the following errors: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcpdofallback net/mptcp/protocol.h:1223 inline WARNING: CPU: 1 PID: 7704 at...
Astra Linux – Vulnerability in jbigkit
In LibTIFF 4.0.8, there is a memory allocation failure in the tifjbig.c file. A specially crafted TIFF document can cause an abort, leading to a remote denial-of-service attack...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A out-of-bounds memory read flaw was discovered in the Linux kernel’s BPF subsystem, related to how a user calls the bpftailcall function with a key that is larger than the maxentries of the map. This flaw allows a local user to gain unauthorized access to data...
Astra Linux – Vulnerability in Jackson-Databind
A flaw was discovered in jackson-databind before version 2.9.10.7. FasterXML improperly handles the interaction between serialization gadgets and typing. The greatest threat of this vulnerability is to data confidentiality, integrity, and system availability...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the opensslencrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9, when processing PHAR files using the phar extension, pharparsezipfile might be tricked into accessing freed memory, which could lead to a crash or information disclosure...
Astra Linux – Vulnerability in TeXeVe-bin
OpenDetex 2.8.5 has a Buffer Overflow issue in TexOpen, specifically in detex.l, due to an incorrect sprintf operation...
Astra Linux – Vulnerability in Chromium
Before version 141.0.7390.54, reading media content in Google Chrome allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in imagemagick
In the RestoreMSCWarning function in /coders/pdf.c, there are several places where calls to GetPixelIndex may result in values that are outside the range that can be represented by the unsigned char type. The patch converts the return value of GetPixelIndex to the ssizet type to avoid this bug...
Astra Linux – Vulnerability in ffmpeg
A buffer overflow vulnerability exists in the function configinput in libavfilter/vfgblur.c in Ffmpeg 4.2.1. Attackers can exploit this vulnerability to cause a Denial of Service or other unspecified impacts...
Astra Linux – Vulnerability in node-json-schema
JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS...
Astra Linux – Vulnerability in ntfs-3g, containerd-app
NTFS-3G before version 75dcdc2 has a use-after-free issue in the ntfsuppercasembs function in libntfs-3g/unistr.c. NOTE: Discussions suggest that exploiting this vulnerability would be challenging...
Astra Linux – Vulnerability in Chromium
The use of “after free” in User Education in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension or specific user interactions...
Astra Linux – Vulnerability in Chromium
In versions of Google Chrome on Android prior to 101.0.4951.41, the security interface in the Downloads section allowed a remote attacker to spoof the APK download dialog box through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76 – Do not call mt76unregisterdevice on unregistered hardware devices. Attempting to probe a mt7921e PCI card without firmware results in a successful probe, but ieee80211registerhw is not called. When removing the drive...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xsk: Added a missing overflow check in xdpumemreg. The number of chunks can exceed the range of u32. Ensure that the value -EINVAL is returned in case of an overflow. Additionally, removed a redundant u32 cast when assigning...
Astra Linux – Vulnerability in Linux
There is an information disclosure vulnerability in the ARM SIGPAGE functionality of the Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4 appears to still be vulnerable. A userland application can read the contents of the sigpage, which may lead to exposure of kernel memory contents...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the bpf and arm64 implementations, the value of prog-jitedlen was cleared along with prog-jited. The syzbot reported an attempt to perform an illegal copytouser operation from the bpfproggetinfobyfd function 1. There has been ...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fixed the hotplug callback leak in armsmmupmuinit. armsmmupmuinit does not remove the callback added by cpuhpsetupstatemulti when platformdriverregister fails. The callback must be removed by cpuhpremovemultistate in...
Astra Linux – Vulnerability in Firefox and Thunderbird
A Linux user who opened the print preview dialog box could have caused the browser to crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
Astra Linux – Vulnerability in Linux, Linux 5.10
The function emsusbstartxmit in the file drivers/net/can/usb/emsusb.c within the Linux kernel, up to version 5.17.1, contains a double-free...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in the “File” feature in Google Chrome on Android prior to version 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page...
Astra Linux – Vulnerability in binutils
“findabstractinstance” in dwarf2.c, located in the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash through a crafted ELF file...
Astra Linux – Vulnerability in Node.js
Node.js versions before 16.6.0, 14.17.4, and 12.22.4 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...
Astra Linux – Vulnerability in ofono
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vimc: Fixed an incorrect function call when vimcinit fails. In vimcinit, when platformdriverregister&vimcpdrv fails, the function platformdriverunregister&vimcpdrv is called incorrectly instead of...
Astra Linux – Vulnerability in ofono
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/entry: Clear X86FEATURESMAP when CONFIGX86SMAP=n Commit 3c73b81a9164 “x86/entry, selftests: Further improve user entry sanity checks” added a warning if AC is set when in the kernel. Commit 662a0221893a3d “x86/entry: Fix A...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fixed a memory leak in the error handling path. In the probe function, if the serialconfig function fails, data from info is leaking. A resource handling path should be added to free up this memory...
Astra Linux – Vulnerability in Tiff
LibTIFF 4.4.0 contains an out-of-bounds read in tiffcp, located at line 948 of tools/tiffcp.c. This vulnerability allows attackers to cause a denial-of-service attack through a specially crafted TIFF file. For users who compile LibTIFF from source code, the fix is available in the commit with the...