18099 matches found
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a bug in extent parsing when ehentries == 0 and ehdepth 0. When traversing inode extents, the ext4extbinsearchidx function assumes that the extent header has been validated previously. However, there are no checks to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: udptunnel: Use netdevwarn instead of netdevWARN. netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister failing due to a memory allocation failure e.g., kzalloc o...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a potential double-free issue in createvarref. In createvarref, initvarref is called to initialize the fields of the reffield variable. This variable is allocated in the previous function call, which creates...
Astra Linux – Vulnerability in Python-Django
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address did not prohibit leading zero characters in octal literals. This may allow bypassing access control based on IP addresses. validateipv4address and validateipv46address...
Astra Linux – Vulnerability in iproute2
In iproute2 before version 5.1.0, there is a use-after-free issue in the getnetnsidfromname function in the ip/ipnetns.c file. NOTE: The relevance of this issue to security may be limited to certain uses of setuid, which, although not a default option, are sometimes an optional configuration...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineeventstate::irq after the IRQ register is successfully set. When running the gpio test on the nxp-ls1028 platform using the following command: gpiomon --num-events=3 --rising-edge gpiochip1 25 A warning tra...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Do not leak netobj memory when gssreadproxyverf fails...
Astra Linux – Vulnerability in Chromium
Before version 96.0.4664.93, using the "after free" mechanism in the file API in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed the warning message caused by adisc being flushed. The Linux kernel triggered a warning message where a different error code type did not match the expected type. Added additional translations for one erro...
Astra Linux – Vulnerability in openexr
There is a flaw in OpenEXR’s ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who can submit a crafted file to an application that uses OpenEXR may cause a out-of-bounds read vulnerability. The most significant risk of this flaw is the disruption of the application’s...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/connector: Only call HDMI audio helper pluggedcb if fn is not null. During driver removal, sound/soc/codecs/hdmi-codec.c calls pluggedcb with NULL as the callback function and codecdev. This is evident in the hdmiremove...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: xtensa: xtfpga: Fixed a refcount leak bug in setup. In machinesetup, offindcompatiblenode will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...
Astra Linux – Vulnerability in Thrift
In Apache Thrift, all versions up to and including 0.12.0, a server or client may encounter an infinite loop when processing specific input data. Since this issue was partially addressed in version 0.11.0, it only affects certain language bindings, depending on the installed version...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915: Fixed the reference counting during error capture and debugfs dump. When GuC support was added to error capture, the reference counting around the request object was broken. This issue has been fixed. The context-bas...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.29.0, there is weak synchronization in the Arc::getmut method. This synchronization issue can lead to memory safety issues due to race conditions...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel in versions prior to 5.4.92 regarding the BPF protocol. This flaw allows an attacker with a local account to disclose information about kernel internal addresses. The greatest threat posed by this vulnerability relates to confidentiality...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: dropping short frames Technically, some control frames, such as ACK frames, are shorter and end after “Address 1”. Such frames should not be forwarded through wmediumd or similar user-space mechanisms...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and attempts to read a b-tree node by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
Intel’s microprocessor generations 6 to 8 are affected by a new Spectre variant that can bypass the retpoline mitigation mechanism in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to execute arbitrary speculative code under certain...
Astra Linux – Vulnerability in Pypy
In Python 2.x through 2.7.16, urllib supports the localfile scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. This is demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
Astra Linux – Vulnerability in Pypy
Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in several Ansible modules, where parameters containing credentials, such as “secrets,” were logged in plain text on managed nodes, and were also made visible on the controller node when run in verbose mode. These parameters were not protected by the “nolog” feature. An...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible. Credentials, such as secrets, are being disclosed in the console logs by default, and are not protected by the nolog feature when using those modules. An attacker can exploit this information to steal those credentials. The greatest threat posed by this...
Astra Linux – Vulnerability in dcmtk
The service class provider SCP of OFFIS DCMTK all versions prior to 3.6.7 is vulnerable to path traversal attacks, allowing attackers to write DICOM files into arbitrary directories under controlled names. This could enable remote code execution...
Astra Linux – Vulnerability in python-urllib3
urllib3 is a HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
Astra Linux – Vulnerability in Twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, potentially leading to information disclosure. This vulnerability has been fixed in 24.7.0rc1...
Astra Linux – Vulnerability in Ansible
There exists an absolute path traversal attack within the Ansible automation platform. This flaw allows an attacker to create a malicious Ansible role and have the victim execute that role. A symbolic link can be used to overwrite a file that is outside of the extraction path...
Astra Linux – Vulnerability in protobuf
Dereferencing a NullPtr when a null char is present in a proto symbol. The symbol is parsed incorrectly, resulting in an unchecked call into the proto file’s name during the generation of the resulting error message. Since the symbol is incorrectly parsed, the file value is nullptr. We recommend...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 123. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 124...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: The fs and lock operations during checks for active status. The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from the hardware, set the hardware deletion function to NULL...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel before version 5.11.11. The netfilter subsystem allows attackers to cause a denial of service panic because net/netfilter/xtables.c and include/linux/netfilter/xtables.h lack a proper memory barrier when assigning a new table value, known as...
Astra Linux – Vulnerability in Chromium
The double-free operation in WebGL in Google Chrome before version 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed an issue where IO operations could hang due to a race condition involving the sbitmap wakeup mechanism. In blkmqmarktagwait, addwaitqueue might be re-ordered. In addition, blkmqgetdrivertag might fail if the driver...
Astra Linux – Vulnerability in libstb
It was discovered that stbimage.h v2.27 contains an integer overflow vulnerability through the stbijpegdecodeblockprogdc function. This vulnerability allows attackers to cause a Denial of Service DoS attack through unspecified vectors...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: A misbehavior occurred when listversions raced with module loading. listversions will first estimate the required space using the dmtargetiteratelistversiongetneeded, &needed call, and then fill the space using the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption. Usually, there is only one llcc device. But if there were a second one, even a failed probe call would modify the global drvdata pointer. Therefore, check whether...
Astra Linux – Vulnerability in ffmpeg
An integer overflow vulnerability exists in the function filter16sobel in libavfilter/vfconvolution.c within Ffmpeg 4.2.1. Attackers can exploit this vulnerability to cause a Denial of Service or other unspecified impacts...
Astra Linux – Vulnerability in Chromium
The use of after free in the Media Session in Google Chrome before version 125.0.6422.141 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Makes vmddev::cfglock of type rawspinlockt Access to the PCI configuration space via pciops::read and pciops::write is a low-level hardware operation. These functions can be accessed with disabled interrupts, even when...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed a deadlock in the tc route query code The cited commit caused a ABBA deadlock0 when peer flows were created while holding the devcom rw semaphore. Due to the peer flow offload implementation, the lock is taken...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Use mlx5ipsecrxstatusdestroy to correctly delete status rules. rxcreate no longer allocates a modifyhdr instance that needs to be cleaned up. The mlx5modifyheaderdealloc call will lead to a NULL pointer dereference. ...
Astra Linux – Vulnerability in Chromium
Object corruption in Blink in Google Chrome prior to version 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. Chromium security severity: Medium...
Astra Linux – Vulnerability in docker.io
Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine, where the data directory /var/lib/docker, contained subdirectories with insufficiently restricted permissions. This allowed unprivileged Linux users to access and...
Astra Linux – Vulnerability in Chromium
Before version 103.0.5060.134, using free after in the Guest View in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Git
Git is a revision control system. Before versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contained symlinks through the filesystem, Git might create hardlinks to arbitrary user-readable files within the same filesystem as the target...