172487 matches found
Astra Linux – Vulnerability in GSL
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing input data that is maliciously crafted for the gslstatsquantilefromsorteddata function of this library may result in unexpected application...
Astra Linux – Vulnerability in libde265
It was discovered that libde265 v1.0.10 contains a NULL pointer dereferencing in the ffhevcputweightedpredavg8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...
Astra Linux – Vulnerability in Thunderbird, Firefox
ANGLE failed to initialize parameters, which resulted in reading from uninitialized memory. This vulnerability could be exploited to leak sensitive data from memory. This issue affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...
Astra Linux – Vulnerability in Thunderbird
To protect ICU from exploitation, the behavior for out-of-memory conditions has been changed to a crash instead of attempting to continue. This vulnerability affects Firefox ESR 115.9 and Thunderbird 115.9...
Astra Linux – Vulnerability in glibc
The iconv function in the GNU C Library also known as glibc or libc6 version 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially leading to a denial of service...
Astra Linux – Vulnerability in Gdal
In GDAL version 3.0.1 and later, there is a double-free in the poolDestroy function within OGRExpatRealloc in the ogr/ogrexpat.cpp file, which occurs when the 10MB threshold is exceeded...
Astra Linux – Vulnerability in libimage-exiftool-perl
In ExifTool’s lib/Image/ExifTool.pm, version 12.38 incorrectly handles the $file = /|$/ check, resulting in command injection...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users are affected as long ...
Astra Linux – Vulnerability in libyaml-libyaml-perl
YAML-LibYAML before version 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...
Astra Linux – Vulnerability in pypdf2
PyPDF2 is an open-source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5, an attacker who exploited this vulnerability could create a PDF that would cause an infinite loop if the PyPDF2 code attempted to access the...
Astra Linux – Vulnerability in Apache Log4j2
Apache Log4j2 versions 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 have JNDI features that are used in configuration, log messages, and parameters. However, these features do not protect against attacks from controlled LDAP endpoints and other JNDI-related...
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in glib. Missing validation of the offset and count parameters in the gbufferedinputstreampeek function can lead to an integer overflow during length calculations. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy,...
Astra Linux – Vulnerability in Chromium, WebKit2GTK
The use of after-free in ANGLE in Google Chrome before version 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in golang-github-golang-jwt-jwt
golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which is untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
The defineAttribute function in xmlparse.c of Expat also known as libexpat has an integer overflow before version 2.4.3...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restricted kiocbsetcancelfn to I/O submitted via libaio. If kiocbsetcancelfn is called for I/O submitted via iouring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocbsetcancelfn+0x9c/0x...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...
Astra Linux – Vulnerability in xerces-c
An integer overflow exists in xerces-c++ 3.2.3 in the BigFix Platform, allowing remote attackers to gain out-of-bound access through HTTP requests...
Astra Linux – Vulnerability in libgd2
The GD Graphics Library also known as LibGD in versions 2.3.2 and earlier has a vulnerability due to the lack of checks for the return values of gdGetBuf and gdPutBuf functions...