Astra Linux - уязвимость в chromium

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of after-free in WebRTC in Google Chrome before version 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

“Type Confusion in V8 in Google Chrome” before version 125.0.6422.112 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Before version 125.0.6422.141, the Streams API in Google Chrome allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of “after free” in scheduling in Google Chrome prior to version 125.0.6422.76 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Ruby 2.5

A issue was discovered in RDoc versions 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resulting remote code execution are possible because there are no restrictions on the classes that c...

Astra Linux - уязвимость в git

Git is a distributed revision control system. The gitattributes command allows for the definition of attributes for certain file paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be applie...

Astra Linux - уязвимость в h2database

The H2 Console before version 2.1.210 allowed remote attackers to execute arbitrary code through a jdbc:h2:mem JDBC URL that contained the IGNOREUNKNOWNSETTINGS=TRUE;FORBID CREATION=FALSE;INIT=RUNSCRIPT substring. This is a different vulnerability than CVE-2021-42392. source-iocs-preserved...

Astra Linux - уязвимость в chromium

Before version 81.0.4044.92, using the "After Free" feature in Google Chrome allowed a remote attacker to execute arbitrary code through a crafted HTML page...

Astra Linux - уязвимость в redis

It was discovered that Redis, a persistent key-value database, due to a packaging issue, is susceptible to a Lua sandbox escape that is specific to Debian. This could lead to remote code execution...

Astra Linux – Vulnerability in Wireshark

Improper URL handling in Wireshark versions 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 may allow for remote code execution through packet injection or crafted capture files...

Astra Linux – Vulnerability in WebKit2GTK

A use-after-free vulnerability exists in WebCore::RenderLayer::setNextSibling in WebKitGTK before version 2.36.8, allowing attackers to execute code remotely...

Astra Linux - уязвимость в libksba

A vulnerability was discovered in the Libksba library due to an integer overflow within the CRL parser. This vulnerability can be exploited remotely to execute code on the target system by passing specially crafted data to the application, such as a malicious S/MIME attachment...

Astra Linux - уязвимость в heimdal, samba

Before version 7.7.1, Heimdal allowed remote attackers to execute arbitrary code due to an invalid free operation in the ASN.1 codec used by the Key Distribution Center KDC...

Astra Linux - уязвимость в python-reportlab

The paraparser module in ReportLab before version 3.5.31 allows for remote code execution. This occurs because the startunichar function in paraparser.py evaluates untrusted user input as a Unicode character in a crafted XML document. The input includes the string “'code='” followed by arbitrary...

Astra Linux - уязвимость в php7.3

In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading PHAR files, insufficient length checking may lead to a stack buffer overflow, potentially causing memory corruption or Remote Code Execution RCE...

Astra Linux - уязвимость в firefox, thunderbird

The WebGL DrawElementsInstanced method was vulnerable to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Astra Linux - уязвимость в wpa

In p2pcopyclientinfo of p2p.c, there is a potential out-of-bounds write vulnerability due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, without the need for additional execution privileges. User interaction is not...

Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...