MAL-2026-4467 Malicious code in @weirdorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...

openexr security update

An update is available for openexr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file format...

Astra Linux - уязвимость в libfile-find-rule-perl

File::Find::Rule in version 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. The open function is called with the 2-argument form, allowing an attacker-controlled filename to specify the MODE parameter. This turns the filename into an executable...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, iOS 15.4, iPadOS 15.4, tvOS 15.4, and Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code...

Astra Linux - уязвимость в webkit2gtk

A type confusion issue has been resolved through improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as well as Safari 14.0.3. Processing maliciously crafted web...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 144 and Thunderbird 144. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 145 and Thunderbird...

Astra Linux - уязвимость в exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5, and iPadOS 16.7.5; iOS 17.3, and iPadOS 17.3; macOS Sonoma 14.3; tvOS 17.3; and watchOS 10.3. Processing web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

A type confusion issue has been resolved through improved state handling. This issue is fixed in iOS 14.8, iPadOS 14.8, tvOS 15, iOS 15, and iPadOS 15, Safari 15, and watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

Multiple memory corruption issues have been resolved through improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, and Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

A type confusion issue has been resolved through improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...

Astra Linux - уязвимость в ghostscript

A issue was discovered in psi/zfile.c in Artifex Ghostscript prior to version 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution...

Astra Linux - уязвимость в emacs

In elisp-mode.el of GNU Emacs prior to version 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion, allowing attackers to execute arbitrary code. This unsafe expansion also occurs if a user...

Astra Linux - уязвимость в webkit2gtk

A memory corruption issue has been resolved through improved state management. This issue is fixed in tvOS 15.5, iOS 15.5, iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, and Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в busybox

Busybox contains a vulnerability related to SSL certificate validation. This vulnerability exists in the “busybox wget” applet, and it can lead to the execution of arbitrary code. This vulnerability appears to be exploitable by simply downloading any file over an HTTPS connection using “busybox...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Ventura 13, iOS 16.1, iPadOS 16, and Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в firefox

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs in Firefox 97. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...

Astra Linux - уязвимость в webkit2gtk

A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1, iPadOS 15.1, watchOS 8.1, and tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution...