Astra Linux – Vulnerability in WebKit2GTK

A type confusion issue has been addressed through improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that...

Astra Linux – Vulnerability in WebKit2GTK

A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1, iPadOS 15.1, watchOS 8.1, and tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 126. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 127...

Astra Linux – Vulnerability in ipython

IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to a vulnerability that allows arbitrary code to be executed, due to improper management of cross-user...

Astra Linux – Vulnerability in zsh

In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...

Astra Linux – Vulnerability in Firefox

Mozilla developers reported memory safety bugs in Firefox 92. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 93...

Astra Linux – Vulnerability in Linux

It was discovered that the eBPF implementation in the Linux kernel failed to properly track bound information for 32-bit registers when performing division and modulo operations. A local attacker could use this vulnerability to potentially execute arbitrary code...

Astra Linux – Vulnerability in Ruby 2.5

In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...

Astra Linux – Vulnerability in WebKit2GTK

Multiple memory corruption issues have been resolved through improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, and Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in grub2

There is a use-after-free vulnerability in the grubcmdchainloader function. The chainloader command is used to boot up operating systems that do not support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered...

Astra Linux – Vulnerability in Firefox

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 107. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...

Astra Linux – Vulnerability in Thunderbird, Firefox

Memory safety bugs exist in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has be...

Astra Linux – Vulnerability in pyyaml

A vulnerability was discovered in the PyYAML library in versions prior to 5.4. In these versions, the library is susceptible to arbitrary code execution when it processes untrusted YAML files using the fullload method or the FullLoader loader. Applications that use this library to process untrust...

Astra Linux – Vulnerability in gst-plugins-good1.0

Integer overflow in the avidemux element within the gstavidemuxinvert function, which allows for a heap overwrite during the parsing of AVI files. There is a potential for arbitrary code execution due to the heap overwrite...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, and tvOS 17.1. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has be...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146, and Thunderbird 146. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

Astra Linux – Vulnerability in glibc

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...