18102 matches found
Astra Linux – Vulnerability in Fribidi
A segmentation fault flaw was discovered in the Fribidi package, affecting the fribidiremovebidimarks function in the lib/fribidi.c file. This flaw allows an attacker to submit a specially crafted file to Fribidi, resulting in a crash and causing a denial of service...
Astra Linux – Vulnerability in gnutls28
A vulnerability has been discovered in gnutls. This security flaw occurs due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutlspkcs7verify function...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected include Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2, and 22.1.0. This easily...
Astra Linux – Vulnerability in HAPProxy
A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue does not ensure that the scheme and path portions of a URI contain the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the...
Astra Linux – Vulnerability in unbound
Unbound before 1.9.5 allows an infinite loop through a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...
Astra Linux – Vulnerability in Vim
Out-of-bounds read in the GitHub repository for Vim before version 9.0...
Astra Linux – Vulnerability in Vim
Out-of-bounds read in the GitHub repository for Vim before version 9.0...
Astra Linux – Vulnerability in Vim
NULL pointer dereferencing in the GitHub repository’s Vim/Vim version prior to 8.2.5163...
Astra Linux – Vulnerability in Vim
Use After Free in the GitHub repository vim/vim before version 8.2.4979...
Astra Linux – Vulnerability in Vim
A heap-based buffer overflow vulnerability exists in the cmdlineerasechars function in the GitHub repository for Vim/Vim, prior to version 8.2.4899. These vulnerabilities could cause software to crash, modify memory, and potentially allow for remote execution...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow; GitHub repository for Vim/Vim before version 8.2...
Astra Linux – Vulnerability in Subversion
Subversion’s moddavsvn is vulnerable to memory corruption. When checking path-based authorization rules, moddavsvn servers may attempt to use memory that has already been freed. Affected Subversion moddavsvn servers include versions 1.10.0 through 1.14.1 including those versions. Servers that do...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, and Expat
Expat also known as libexpat before version 2.4.4 has an integer overflow in the doProlog function...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Serialization. The supported versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...
Astra Linux – Vulnerability in OpenSSL
In addition to the crehash shell command injection identified in CVE-2022-1292, further instances where the crehash script fails to properly sanitize shell metacharacters to prevent command injection were discovered during code reviews. When CVE-2022-1292 was fixed, it wasn’t recognized that ther...
Astra Linux – Vulnerability in Wireshark
A NULL pointer exception occurs in the Modbus dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17, allowing for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Python 3.7, Python 2.7
A flaw was discovered in Python. Improper handling of HTTP responses in the Python HTTP client code may allow a remote attacker, who controls the HTTP server, to cause the client script to enter an infinite loop, consuming CPU resources. The greatest threat of this vulnerability is to system...
Astra Linux – Vulnerability in Linux, Linux 5.10
It was discovered that there was a lack of CPU resources in the Linux kernel tracing module functionality in versions prior to 5.14-rc3. This issue occurred due to the way users utilize the trace ring buffer. Only privileged local users with the CAPSYSADMIN capability could exploit this flaw to...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. The supported versions affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This easily exploitable vulnerability allows an unauthenticat...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the s390 eBPF JIT mechanism within bpfjitinsn in the arch/s390/net/bpfjitcomp.c file of the Linux kernel. In this flaw, a local attacker with special user privileges can bypass the verifier, potentially leading to confidentiality issues...
Astra Linux – Vulnerability in libxml2
A vulnerability was discovered in libxml2 in versions prior to 2.9.11. This vulnerability allows errors to go unnoticed during the parsing of XML mixed content, resulting in a NULL dereference. If an untrusted XML document is parsed in recovery mode and after post-validation, this flaw could be...
Astra Linux – Vulnerability in gnutls28
A flaw was discovered in gnutls. A use-after-free issue in the client’s sending of the keyshare extension may lead to memory corruption and other related issues...
Astra Linux – Vulnerability in curl
Curl versions 7.20.0 through 7.70.0 are vulnerable to improper restrictions on the names of files and other resources, which can lead to overwriting of local files when the -J flag is used...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP before version 2.4.57. This flaw led to an assertion failure in slapd during the X.509 DN parsing in the decode.c file, specifically at the bernextelement function. This caused a denial of service...
Astra Linux – Vulnerability in OpenLDAP
An integer underflow was discovered in OpenLDAP before version 2.4.57, causing slapd to crash during the Certificate Exact Assertion processing, resulting in a denial of service schemainit.c serialNumberAndIssuerCheck...
Astra Linux – Vulnerability in Linux
A buffer overflow at the framebuffer layer in the fbcon code within the Linux kernel, prior to version 5.8.15, could be exploited by local attackers to read kernel memory, referred to as CID-6735b4632def...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel, specifically in the spkttyioreceivebuf2 function. This function dereferences the spkttyiosynth variable without checking whether it is NULL or not. This could lead to a NULL-ptr deref crash...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.9.1, as used with Xen up to version 4.14.x. The file drivers/xen/events/eventsbase.c allows for the removal of event channels during the event-handling loop a race condition. This can lead to a use-after-free or NULL pointer...
Astra Linux – Vulnerability in grub2
A heap out-of-bounds write may occur during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. The impacts on confidentiality, integrity, and availability are considered low, as it is very complex for an attacker to control the encoding and...
Astra Linux – Vulnerability in Poppler
The JPXStream::init function in Poppler 0.78.0 and earlier does not check for negative values of stream length, which can lead to an Integer Overflow. This allows an attacker to allocate a large memory chunk on the heap, with the size controlled by them. This issue was demonstrated by pdftocairo...
Astra Linux – Vulnerability in Vim
Use After Free in the GitHub repository vim/vim before version 9.0.0225...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.0220...
Astra Linux – Vulnerability in Vim
Improper validation of specified quantities in the input in the GitHub repository’s Vim/Vim version prior to 9.0.0218...
Astra Linux – Vulnerability in Vim
Use After Free in the GitHub repository vim/vim before version 9.0...
Astra Linux – Vulnerability in Vim
Out-of-bounds read in the GitHub repository for Vim before version 9.0...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...
Astra Linux – Vulnerability in Vim
Buffer over-reading in the GitHub repository vim/vim before version 8.2...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...
Astra Linux – Vulnerability in Vim
Out-of-bounds write-up in the GitHub repository’s Vim/Vim version prior to 8.2.4977...
Astra Linux – Vulnerability in Vim
A classic buffer overflow vulnerability in the GitHub repository for vim/vim, prior to version 8.2.4969...
Astra Linux – Vulnerability in Vim
Use of out-of-range pointer offset in the GitHub repository vim/vim before version 8.2.4418...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
Astra Linux – Vulnerability in openjdk-11
A vulnerability exists in the Oracle Java SE and Oracle GraalVM Enterprise Edition products from Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...
Astra Linux – Vulnerability in TIF format
The "Divide By Zero" error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, the fix is available in the commit f8d0f9aa...
Astra Linux – Vulnerability in Tiff
In the libtiff 4.3.0 version of tiffcp, an accessible assertion allows attackers to cause a denial-of-service attack through a crafted tiff file. For users who compile libtiff from source code, this fix is available in the commit 5e180045...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free vulnerability was discovered in the rtsxusbmsdrvremove function in the drivers/memstick/host/rtsxusbms.c file within the memstick module of the Linux kernel. In this flaw, a local attacker with user privileges could compromise the confidentiality of system resources. This...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDFium in Google Chrome prior to version 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: can: pchcan; pchcanrxnormal: fix use after free After calling netifreceiveskbskb, dereferencing the skb is unsafe. In particular, the canframe field, which aliases memory of type skb, is dereferenced just after the call to...
Astra Linux – Vulnerability in krb5
The Key Distribution Center KDC in MIT Kerberos 5 also known as krb5 before version 1.18.5 and 1.19.x before version 1.19.3 has a NULL pointer dereference in the kdc/dotgsreq.c file, due to a FAST inner body that lacks a server field...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. The supported versions affected by this vulnerability are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This vulnerability is difficult to exploit; an...