18099 matches found
Astra Linux – Vulnerability in Linux 5.10
A flaw was discovered in the Linux kernel. A null pointer dereference in the bondipsecaddsa function may lead to a local denial of service...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the Linux kernel. Measuring the usage of shared memory does not scale well with large counts of shared memory segments, which could lead to resource exhaustion and Denial-of-Service attacks...
Astra Linux – Vulnerability in Linux, Linux 5.10
A memory overflow vulnerability was discovered in the ipc functionality of the memcg subsystem in the Linux kernel. This vulnerability occurs when a user calls the semget function multiple times, thereby creating semaphores. This flaw allows a local user to deplete resources, resulting in a denia...
Astra Linux – Vulnerability in node-marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking in certain cases, leading to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown using a vulnerable version of Marked, without usi...
Astra Linux – Vulnerability in pgpool2
The Pgpool-II provided by PgPool Global Development Group contains a authentication bypass vulnerability as a primary weakness. If this vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when registerdevice fails. If deviceregister fails, it should call putdevice to release the reference. The name allocated by devsetname can be freed in the callback function...
Astra Linux – Vulnerability in Linux
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerability in GhostScript
A divide-by-zero issue was discovered in epsprintpage within gdevepsn.c in Artifex Software GhostScript 9.50. This issue allows remote attackers to cause a denial of service by opening crafted PDF files...
Astra Linux – Vulnerability in Zabbix
JavaScript preprocessing can be exploited by attackers to gain access to the file system read-only access on behalf of the user “zabbix” on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: make the fallback action and decision atomic. Syzkaller reported the following errors: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcpdofallback net/mptcp/protocol.h:1223 inline WARNING: CPU: 1 PID: 7704 at...
Astra Linux – Vulnerability in jbigkit
In LibTIFF 4.0.8, there is a memory allocation failure in the tifjbig.c file. A specially crafted TIFF document can cause an abort, leading to a remote denial-of-service attack...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A out-of-bounds memory read flaw was discovered in the Linux kernel’s BPF subsystem, related to how a user calls the bpftailcall function with a key that is larger than the maxentries of the map. This flaw allows a local user to gain unauthorized access to data...
Astra Linux – Vulnerability in Jackson-Databind
A flaw was discovered in jackson-databind before version 2.9.10.7. FasterXML improperly handles the interaction between serialization gadgets and typing. The greatest threat of this vulnerability is to data confidentiality, integrity, and system availability...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the opensslencrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...
Astra Linux – Vulnerability in TeXeVe-bin
OpenDetex 2.8.5 has a Buffer Overflow issue in TexOpen, specifically in detex.l, due to an incorrect sprintf operation...
Astra Linux – Vulnerability in Chromium
Before version 141.0.7390.54, reading media content in Google Chrome allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in imagemagick
In the RestoreMSCWarning function in /coders/pdf.c, there are several places where calls to GetPixelIndex may result in values that are outside the range that can be represented by the unsigned char type. The patch converts the return value of GetPixelIndex to the ssizet type to avoid this bug...
Astra Linux – Vulnerability in ffmpeg
A buffer overflow vulnerability exists in the function configinput in libavfilter/vfgblur.c in Ffmpeg 4.2.1. Attackers can exploit this vulnerability to cause a Denial of Service or other unspecified impacts...
Astra Linux – Vulnerability in node-json-schema
JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS...
Astra Linux – Vulnerability in Chromium
The use of “after free” in User Education in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension or specific user interactions...
Astra Linux – Vulnerability in Chromium
In versions of Google Chrome on Android prior to 101.0.4951.41, the security interface in the Downloads section allowed a remote attacker to spoof the APK download dialog box through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76 – Do not call mt76unregisterdevice on unregistered hardware devices. Attempting to probe a mt7921e PCI card without firmware results in a successful probe, but ieee80211registerhw is not called. When removing the drive...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xsk: Added a missing overflow check in xdpumemreg. The number of chunks can exceed the range of u32. Ensure that the value -EINVAL is returned in case of an overflow. Additionally, removed a redundant u32 cast when assigning...
Astra Linux – Vulnerability in Linux
There is an information disclosure vulnerability in the ARM SIGPAGE functionality of the Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4 appears to still be vulnerable. A userland application can read the contents of the sigpage, which may lead to exposure of kernel memory contents...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the bpf and arm64 implementations, the value of prog-jitedlen was cleared along with prog-jited. The syzbot reported an attempt to perform an illegal copytouser operation from the bpfproggetinfobyfd function 1. There has been ...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fixed the hotplug callback leak in armsmmupmuinit. armsmmupmuinit does not remove the callback added by cpuhpsetupstatemulti when platformdriverregister fails. The callback must be removed by cpuhpremovemultistate in...
Astra Linux – Vulnerability in Firefox and Thunderbird
A Linux user who opened the print preview dialog box could have caused the browser to crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
Astra Linux – Vulnerability in Linux, Linux 5.10
The function emsusbstartxmit in the file drivers/net/can/usb/emsusb.c within the Linux kernel, up to version 5.17.1, contains a double-free...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in the “File” feature in Google Chrome on Android prior to version 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page...
Astra Linux – Vulnerability in binutils
“findabstractinstance” in dwarf2.c, located in the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash through a crafted ELF file...
Astra Linux – Vulnerability in ofono
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vimc: Fixed an incorrect function call when vimcinit fails. In vimcinit, when platformdriverregister&vimcpdrv fails, the function platformdriverunregister&vimcpdrv is called incorrectly instead of...
Astra Linux – Vulnerability in ofono
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/entry: Clear X86FEATURESMAP when CONFIGX86SMAP=n Commit 3c73b81a9164 “x86/entry, selftests: Further improve user entry sanity checks” added a warning if AC is set when in the kernel. Commit 662a0221893a3d “x86/entry: Fix A...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fixed a memory leak in the error handling path. In the probe function, if the serialconfig function fails, data from info is leaking. A resource handling path should be added to free up this memory...
Astra Linux – Vulnerability in Tiff
LibTIFF 4.4.0 contains an out-of-bounds read in tiffcp, located at line 948 of tools/tiffcp.c. This vulnerability allows attackers to cause a denial-of-service attack through a specially crafted TIFF file. For users who compile LibTIFF from source code, the fix is available in the commit with the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed the use of inodes after freeing them in ext4endiorsvwork. In ext4ioenddefercompletion, it was checked whether ioend-listvec was empty to avoid adding an ioend that does not require any conversion to the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevents ubuf size overflow. The ubuf size calculation may overflow, leading to under-sized allocations and potential memory corruption. Use the checkaddoverflow helper function to validate the size calculation...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: mt76: Fixed a use-after-free by removing a non-RCU wcid pointer. This fix addresses an issue detected by KASAN regarding use-after-free in mt76txqschedule. This was done by protecting mtxq-wcid with rculock between...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, Safari 16.6, iOS 15.8.7, and iPadOS 15.8. Processing maliciously crafted web content may lead to memory corruption...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption, and we assume that with...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a bug in extent parsing when ehentries == 0 and ehdepth 0. When traversing inode extents, the ext4extbinsearchidx function assumes that the extent header has been validated previously. However, there are no checks to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: udptunnel: Use netdevwarn instead of netdevWARN. netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister failing due to a memory allocation failure e.g., kzalloc o...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a potential double-free issue in createvarref. In createvarref, initvarref is called to initialize the fields of the reffield variable. This variable is allocated in the previous function call, which creates...
Astra Linux – Vulnerability in Python-Django
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address did not prohibit leading zero characters in octal literals. This may allow bypassing access control based on IP addresses. validateipv4address and validateipv46address...
Astra Linux – Vulnerability in iproute2
In iproute2 before version 5.1.0, there is a use-after-free issue in the getnetnsidfromname function in the ip/ipnetns.c file. NOTE: The relevance of this issue to security may be limited to certain uses of setuid, which, although not a default option, are sometimes an optional configuration...