Astra Linux - уязвимость в qemu

A reentrancy issue was discovered in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy trigger the reset function nvmectrlreset, data structures will be freed, leading to a use-after-free vulnerability. A malicious...

Astra Linux - уязвимость в firefox

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 107. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 110 and Firefox ESR 102.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions less than 111,...

Astra Linux - уязвимость в binutils

The binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound, and bfdcanonicalizedynamicreloc. This vulnerability can lead to Integer Overflow, which in turn triggers Heap Overflow. Successful exploitation of this vulnerability allows f...

Astra Linux - уязвимость в firefox, thunderbird

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 103 and Firefox ESR 102.1. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...

Astra Linux - уязвимость в mariadb-10.3

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146, and Thunderbird 146. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 126. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 127...

Astra Linux - уязвимость в firefox

Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 98. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to...

Astra Linux - уязвимость в firefox

When Web Render components were destroyed, a race condition could lead to undefined behavior. We assume that with sufficient effort, this vulnerability could be exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88.0.1, as well as Firefox for Android...

Astra Linux - уязвимость в exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...

Astra Linux - уязвимость в firefox

Mozilla developers reported memory safety bugs in Firefox 89. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 90...

Astra Linux - уязвимость в webkit2gtk

A memory corruption issue has been resolved through improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 v. 14610.4.3.1.7 and 15610.4.3.1.7, watchOS 7.3.2, and macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as we...

Astra Linux - уязвимость в cpio

In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c dsfgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...

Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disablegpgcheck parameter is set to False—which is the default...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 135. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 135.0.1...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2, and iPadOS 17.2, as well as tvOS 17.2. Processing web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

A race condition has been addressed through improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code...