18095 matches found
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in WebApp installations in Google Chrome prior to version 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass the installation dialog through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Firefox
If temporary “one-time” permissions, such as the ability to use the Camera, are granted to a document loaded using a file: URL, those permissions persist in that tab for all other documents loaded from the same file: URL. This is potentially dangerous if the local files come from different source...
Astra Linux – Vulnerability in exempi
A buffer overflow vulnerability exists in the function ID3Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier versions. This vulnerability allows remote attackers to cause a denial of service by opening crafted audio files that contain the ID3V2 frame...
Astra Linux – Vulnerability in PackageKit
PackageKit provided detailed error messages to unprivileged callers who were exposed to information about the presence of files and their mimetypes. This information was difficult for those callers to determine on their own...
Astra Linux – Vulnerability in libstb
STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may cause memory writes to exceed the allocated heap buffer in startdecoder. The root cause of this issue is a potential integer overflow in sizeofchar f-commentlistlength, which may...
Astra Linux – Vulnerability in Wireshark
The SPRT dissector crash in Wireshark versions 4.2.0 to 4.0.5, and 4.0.0 to 4.0.15 allows denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Wireshark
Large loops in multiple protocol dissectors in Wireshark versions 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture files...
Astra Linux – Vulnerability in Linux
A memory-bound write flaw 1 or 2 bytes of memory was identified in the Linux kernel’s NFS subsystem, related to the way users use mirroring replication of files via NFS. A user with access to the NFS mount could potentially exploit this flaw to crash the system or escalate privileges on the syste...
Astra Linux – Vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Starting from version 0.9.4 and before version 1.10.2, Flatpak has a vulnerability in its “file forwarding” feature, which can be exploited by attackers to gain access to files that would normally...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing the lifetime of the sysfs interface The current nilfs2 sysfs support has issues with the timing of the creation and deletion of sysfs entries. This may lead to null pointer dereferences, use-after-free errors, a...
Astra Linux – Vulnerability in Wireshark
Improper URL handling in Wireshark versions 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 may allow for remote code execution through packet injection or crafted capture files...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early The creation of debugfs files is moved to a dedicated function, and it is ensured that these files are explicitly removed during vhcirelease, before the...
Astra Linux – Vulnerability in golang-golang-x-net, containerd-app
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to a Denial-of-Service DoS attack if an attacker provides specially crafted HTML content...
Astra Linux – Vulnerability in p7zip
7-ZIP ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected 7-ZIP installations. Interaction with this product is required to exploit this vulnerability, but the attack vectors may vary depending ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: Fix for oops due to invalid pointer for kfree in parselongname This fix addresses a kernel oops that occurs when reading ceph snapshot directories .snap, for example, by simply running ls /mnt/myceph/.snap. The variable str...
Astra Linux – Vulnerability in p7zip
7-Zip 22.01 does not report an error for certain invalid xz files that involve block flags and reserved bits. Some later versions are unaffected...
Astra Linux – Vulnerability in Chromium
Using “after free” in Dawn in Google Chrome before version 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xfs: Only call xfarray,blobdestroy if we have a valid pointer. Only call the xfarray and xfblob destructors if we have a valid pointer, and make sure to null out that pointer afterwards. Note that this patch fixes a large number ...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: lockd: Other missing fields are set when unlocking files. The vfslockfile function expects that the struct filelock structure is fully initialized by the caller. If the flfile field is NULL after re-exporting NFSv3, an OOP err...
Astra Linux – Vulnerability in Twig
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates whose names are user-inputs. It’s possible to use the source or include statement to read arbitrary files from outside the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference leak in nfsd4addrdaccesstowrdeleg. The nfsd4addrdaccesstowrdeleg function overwrites fp-fifdsORDONLY unconditionally with a newly acquired nfsdfile. However, if the client already has a SHAREACCESSREA...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDF files in Google Chrome prior to version 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: Medium...
Astra Linux – Vulnerability in libksba
A vulnerability was discovered in the Libksba library due to an integer overflow within the CRL parser. This vulnerability can be exploited remotely to execute code on the target system by passing specially crafted data to the application, such as a malicious S/MIME attachment...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: A memory leak was fixed when removing provided buffers. When removing provided buffers, the iobuffer structures were not being disposed of properly, resulting in a memory leak. These structures cannot be freed...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer before version 1.18.4 may cause heap corruption when parsing certain malformed Matroska files...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - In mm/vmalloc and mm/kasan, there is a issue where the gfp mask is not respected when calling kasanpopulatevmalloc. kasanpopulatevmalloc and its helpers ignore the caller’s gfpmask and always allocate memory using the...
Astra Linux – Vulnerability in golang-golang-x-net, containerd-app
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to a Denial-of-Service DoS attack if an attacker provides specially crafted HTML content...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: pNFS: Fixed an issue where uninitialized pointers were dereferenced. The error occurs during the third attempt to encode extents. When the function exttreepreparecommit reallocates a larger buffer to retry encoding extents, th...
Astra Linux – Vulnerability in Wireshark
IEEE 1609.2 dissector crash in Wireshark versions 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: Do not reallocate the workqueue every time an interface is added. The commit 09ed8bfc5215 “wilc1000: Rename the workqueue from “WILCwq” to “NETDEV-wq” moved the creation of the workqueue in wilcnetdevifcinit, in...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/iucv: Fixed the issue where iucvsockclose was used after memory was freed. The iucvseverpath function is called from both process context and thread context. The iucv-path variable is used to indicate whether someone else ...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability, classified as problematic, has been identified in the Linux kernel. This issue affects the function nilfsattachlogwriter in the file fs/nilfs2/segment.c of the BPF component. The manipulation leading to this issue results in a memory leak. The attack can be initiated remotely. It...
Astra Linux – Vulnerability in Mariadb 10.3
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...
Astra Linux – Vulnerability in Chromium
Using the “after free” mechanism in the Presentation API in Google Chrome before version 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in gnutls28
A flaw was discovered in GnuTLS. This vulnerability allows for a denial of service attack through excessive CPU usage and memory consumption, caused by specially crafted malicious certificates that contain a large number of name constraints and Subject Alternative Names SANs...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: i2c: ar0521: Use the CANsleep version of gpiodsetvalue If we use GPIO reset from the I2C port expander, we must use the CANsleep variant of GPIO functions. This was not done in the ar0521poweron/ar0521poweroff functions...
Astra Linux – Vulnerability in Puma
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...
Astra Linux – Vulnerability in node-minimatch
A vulnerability was discovered in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when the braceExpand function is called with specific arguments, resulting in a denial of service...
Astra Linux – Vulnerability in Flatpak
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak did not properly validate whether the permissions displayed to the user during installation match the actual permissions granted to the app at runtime, especially when there was a nu...
Astra Linux – Vulnerability in uriparser
A issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner...
Astra Linux – Vulnerability in libjackson-json-java
A deserialization flaw was discovered in the Jackson-Databind library, in versions prior to 2.6.7.1, 2.7.9.1, and 2.8.9. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible 2.7.16 and earlier versions, as well as 2.8.8 and earlier, and 2.9.5 and earlier. When a password is set using the “password” argument of the svn module, it is used in the svn command line, thereby exposing it to other users within the same node. An attacker could...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2, and iPadOS 18.7.2; iOS 26.1 and iPadOS 26.1; macOS Tahoe 26.1; tvOS 26.1; visionOS 26.1; and watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Cast in Google Chrome before version 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: i40e: The macvlan leak was fixed by synchronizing access to macfilterhash. This patch addresses a macvlan leak issue in the i40e driver, which was caused by concurrent access to vsi-macfilterhash. The leak occurs when multiple...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed an issue where the extent map was used after free, especially when handling a missing device in the readonechunk function. The error code must be stored before freeing the extentmap. Although it’s a...
Astra Linux – Vulnerability in python-httplib2
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server that responded with a long series of "\xa0" characters in the “www-authenticate” header could cause a Denial of Service attack, resulting in excessive CPU usage during header parsing ...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in WebKit2GTK
In WebKitGTK before 2.32.4, there is an incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, which leads to a segmentation violation and an application crash. This is a different vulnerability than CVE-2021-30889...