18102 matches found
Astra Linux – Vulnerability in exempi
The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. In affected versions, specially crafted Lua scripts executed in Redis can cause the heap-based Lua stack to overflow, due to incomplete checks for this condition. This can lead to heap corruption and potentially remote code...
Astra Linux – Vulnerability in tar
A flaw was discovered in the src/list.c file of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The greatest threat posed by this vulnerability is to system availability...
Astra Linux – Vulnerability in dnsmasq
A vulnerability was discovered in dnsmasq prior to version 2.81. This vulnerability involves a memory leak, allowing remote attackers to cause a denial of service due to excessive memory consumption through mechanisms related to DHCP response creation...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the Content Security Policy of Google Chrome prior to version 91.0.4472.77 allowed a remote attacker to bypass the content security policy through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 90.0.4430.212, using “after free” in notifications in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Squid
A vulnerability was discovered in Squid before versions 4.15 and 5.x before version 5.0.6. Due to incorrect parser validation, this vulnerability allows for a Denial of Service attack against the Cache Manager API. This enables a trusted client to trigger memory leaks, which over time can lead to...
Astra Linux – Vulnerability in Firefox and Thunderbird
The use of the new logical assignment operators in a JavaScript switch statement could lead to a type confusion, resulting in memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP before version 2.4.57, which led to a double-free and slapd crash during the saslAuthzTo process, resulting in a denial of service...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP before version 2.4.57, which led to an incorrect calculation of memch-bvlen and caused a crash in the slapd process during the saslAuthzTo processing step. This resulted in a denial of service...
Astra Linux – Vulnerability in Linux
A memory leak vulnerability was discovered in the Linux kernel’s llcpsockconnect function...
Astra Linux – Vulnerability in nss
A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fixed the null-pointer dereference in pgtablecacheadd. kasprintf returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure. Ensure that the allocation was successful by checking th...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid dirent corruption As Al reported in link 1: f2fsrename … if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You need the correct inumber i...
Astra Linux – Vulnerability in curl
When the curl command is used to retrieve content using the Metalink feature, and a username and password are used to download the Metalink XML file, those same credentials are then passed to each server from which the curl command will attempt to download or retrieve the content. This often...
Astra Linux – Vulnerability in binutils
A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is an integer overflow and an infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...
Astra Linux – Vulnerability in gnupg2
GnuPG versions up to 2.3.6 allow for signature forgery in unusual situations where an attacker possesses secret-key information from a victim’s keyring, and other constraints such as the use of GPGME are met. This can be achieved by injecting malicious data into the command line’s status line...
Astra Linux – Vulnerability in Python 2.7, Pypy
In Python 3.x versions prior to 3.5.10, 3.6.x versions prior to 3.6.12, 3.7.x versions prior to 3.7.9, and 3.8.x versions prior to 3.8.5, CRLF injection is allowed if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...
Astra Linux – Vulnerability in binutils
“rememberKtype” in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM. This can occur during the execution of cxxfilt...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fixed an out-of-bounds access in sndemu10k1pcmchannelalloc The voice allocator sometimes begins allocating from near the end of the array, and then wraps around. However, sndemu10k1pcmchannelalloc accesses the newl...
Astra Linux – Vulnerability in tar
GNU Tar version 1.34 has a one-byte out-of-bounds read operation, which allows for the use of uninitialized memory in a conditional jump. Exploitation to change the control flow of the program has not been demonstrated. The issue occurs in the fromheader section of the list.c file, due to a V7...
Astra Linux – Vulnerability in imagemagick
In the ParseMetaGeometry function of MagickCore/geometry.c, calculations for image height and width can lead to division-by-zero conditions, which can also result in undefined behavior. This flaw can be triggered by an input file processed by ImageMagick and may affect the availability of the...
Astra Linux – Vulnerability in curl
A poorly protected credentials vulnerability exists in curl 4.9, and versions including curl 7.82.0 are also affected. This vulnerability could allow attackers to extract credentials when using HTTPS redirections with authentication. As a result, credentials may be leaked to other services that...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswapwritebackentry, after obtaining a folio from readswapcacheasync, we reacquire the tree lock to ensure that the swap entry was not invalidated or recycled. If it...
Astra Linux – Vulnerability in Linux 5.10, Linux
Linux block and network PV device frontends do not zero memory regions before sharing them with the backend CVE-2022-26365, CVE-2022-33740. Additionally, the granularity of the grant table does not allow sharing smaller than a 4K page, resulting in unrelated data residing in the same 4K page as...
Astra Linux – Vulnerability in Linux, Linux 5.10
Incomplete cleanup in certain special register write operations for some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...
Astra Linux – Vulnerability in openjpeg2
There is a flaw in OpenJPEG’s T2 encoder in versions prior to 2.4.0. An attacker who can provide crafted input for OpenJPEG to process may cause a null pointer dereferencing. The most significant impact of this flaw is the availability of the application...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fixed the issue of null pointer dereferencing on the pointer block. The pointer block returns from sndgf1dmanextblock, and it may be null. Therefore, there is a potential issue of null pointer dereferencing. This issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: exfat: fixed a potential deadlock in exfatgetdentryset When accessing a file with more entries than ESMAXENTRYNUM, the bh-array is allocated in exfatgetdentryset. The problem is that the bh-array is allocated using GFPKERNEL. Thi...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed an out-of-bounds situation when setting channels during iavfremove. If the channels are set to a value greater than what is actually allocated, it will cause a timeout, and an error will be returned. However, the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipvti: A potential issue related to slab-use-after-free has been fixed in decodesession6. When the ipvti device is set as a qdisc of the sfb type, the cb field of the sent skb may be modified during enqueueing. This can lead to a...
Astra Linux – Vulnerability in freeglut
It was discovered that freeglut through version 3.4.0 contains a memory leak due to the memory usage related to the menuEntry variable in the glutAddMenuEntry function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Error processing should be added before returning from the function, and the return value has been modified...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise memory leaks will occur over time. To simplify things, simply call debugfslookupandremove, whic...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fixed a possible memory leak. This issue occurs in bnxtresetupchipctx, when bnxtqplibmapdbbar fails; the driver does not free the memory allocated for “rdev-chipctx”...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the reference count leak in hnsrocemmap. The function rdmausermmapentrygetpgoff takes a reference. Added the missing function rdmausermmapentryput to release the reference. Acknowledged by Haoyue Xu...
Astra Linux – Vulnerability in Jetty9
Jetty is a Java-based web server and servlet engine. In affected versions, servlets that support multipart requests e.g., annotated with @MultipartConfig and call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause an OutOfMemoryError when the client sends a multipart request...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe. Matching reports: drivers/tty/serial/arcuart.c:631: In arcSerialprobe, if uartaddoneport fails, port-membase is not released, which could lead to a resource leak. To fix this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Added a lock to protect the encoder context list. A lock was added for the ctxlist to prevent accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist is deleted due to an unexpect...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0....
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: octeonep: fixed a potential memory leak in octepdevicesetup. When errors such as unsupporteddev and mbox init occur, the variables oct-conf and iounmap oct-mmioi.hwaddr were not freed properly. This could lead to a memory leak...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported a memory leak in the MDIO bus interface. The problem stemmed from incorrect state logic. The MDIOBUSALLOCATED state indicates two possible statuses: 1. The bus is only allocated. 2. The...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fixed a possible NULL pointer dereferencing in sendacknowledge This issue involves handling memory allocation failures caused by nciskballoc, which calls allocskb. This fix prevents possible NULL pointer dereferences...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix for the debugfs directory leak The ULPI per-device debugfs root is named after the parent of the ulpi device. However, ulpiunregisterinterface attempts to remove a debugfs directory named after the ulpi device...
Astra Linux – Vulnerability in SOX
A heap buffer overflow vulnerability was discovered in sox, within the lsxreadbuf function at sox/src/formatsi.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved UI handling. This issue is fixed in iOS 16.2, iPadOS 16.2, and macOS Ventura 13.1. Visiting a website that contains malicious content may lead to UI spoofing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: fixed a soft lockup in mptcprecvmsg syzbot reported a soft lockup in mptcprecvmsg 0. When receiving data with the MSGPEEK | MSGWAITALL flags, the skb is not removed from the skreceivequeue. This causes skwaitdata to always...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fixed a crash in iommusvaunbinddevice domain-mm-iommumm can be freed by iommudomainfree: iommudomainfree mmdrop mmdrop mmpasiddrop After iommudomainfree returns, accessing domain-mm-iommumm may dereference a freed mm...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fixed the null pointer issue when the SMU is disabled. It is necessary to check whether the ppfuncs is initialized before releasing the context; otherwise, a null pointer panic will occur when the software SMU is n...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7996 – added a missing check for RX wcid entries. Non-station wcid entries must not be passed to the RX functions. In the case of the global wcid entry, it could even lead to corruption in the wcid array due to the...