120826 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs in Thunderbird 91.7. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved validation. This issue is fixed in iOS 15.6, iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc commit 31f7804. A heap buffer overflow in the pdfwritenames function in ps-pdf.cxx may lead to arbitrary code execution and a Denial of Service DoS attack...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4, as well as iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report...
Astra Linux – Vulnerability in WebKit2GTK
Integer overflow has been addressed through improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, and visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Firefox, Thunderbird
Memory safety bugs exist in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142, and Thunderbird 142. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...
Astra Linux – Vulnerability in libnbd
A flaw was discovered in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with ‘-o’ are incorrectly interpreted as arguments for the Secure Shell SSH...
Astra Linux – Vulnerability in WebKit2GTK
Processing web content may lead to arbitrary code execution. This issue has been fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, and Safari 17. The issue was addressed through improved memory handling...
Astra Linux – Vulnerability in Firefox
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities in Firefox 101. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these vulnerabilities could have been exploited to execute arbitrary...
Astra Linux – Vulnerability in WebKit2GTK
A vulnerability related to out-of-bounds reads has been addressed through improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code executio...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in Safari 16.4.1, iOS 15.7.5, and iPadOS 15.7.5; iOS 16.4.1, and iPadOS 16.4.1; as well as macOS Ventura 13.3.1. Processing maliciously crafted web...
Astra Linux – Vulnerability in libgit2
libgit2 is a portable C implementation of the Git core methods, provided as a linkable library with a robust API. It allows for integrating Git functionality into your application. However, using properly crafted inputs to gitindexadd can lead to heap corruption, which may be exploited for...
Astra Linux – Vulnerability in Firefox, Thunderbird
When Responsive Design Mode was enabled, it used references to objects that had previously been freed. We assume that with sufficient effort, this could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Astra Linux – Vulnerability in gstreamer1.0, gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...
Astra Linux – Vulnerability in openimageio
There are multiple memory corruption vulnerabilities in the IFFOutput alignment padding functionality of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in joblib
The joblib package from versions 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution through the predispatch flag in the Parallel class, due to the eval statement...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. Processing maliciously crafted web content may...
Astra Linux – Vulnerability in zbar
There is a heap-based buffer overflow in the qrreadermatchcenters function of ZBar 0.23.90. specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To exploit this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...