Astra Linux – Vulnerability in Thunderbird
Thunderbird allows the use of the Text Direction Override Unicode character in filenames. As a result, an email attachment might be incorrectly displayed as a document file, when in fact it is an executable file. Older versions of Thunderbird will remove this character and display the correct file...
Astra Linux – Vulnerability in Firefox
Under unusual circumstances, selecting text may cause text selection caching to behave incorrectly, resulting in a crash. This vulnerability affects Firefox versions less than 99...
Astra Linux – Vulnerability in xterm
With Patch 370, xterm enables Sixel support. When this is enabled, attackers can exploit a buffer overflow in the set_sixel function in graphics_sixel.c by using crafted text...
Astra Linux – Vulnerability in Chromium
Use after free in TextEncoding in Google Chrome before version 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src
An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...
Astra Linux – Vulnerability in Thunderbird
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is displayed when the mouse hovers over any attachment. Although the correct link is used upon clicking, the misleading hover text may lead users to download conten...
Astra Linux – Vulnerability in Qemu
An integer underflow issue was discovered in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could exploit this flaw to render QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in several Ansible modules, where parameters containing credentials, such as "secrets," were logged in plain text on managed nodes, and were also made visible on the controller node when run in verbose mode. These parameters were not protected by the "no_log" feature. An...
Astra Linux – Vulnerability in ofono
oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux – Vulnerability in Parsec
The vulnerability of the typefromtext function in the PARSEC security subsystem is related to accessing beyond the global buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service failures...
Astra Linux – Vulnerability in musl
Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have an out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...
Astra Linux – Vulnerability in Firefox and Thunderbird
When inserting text while in edit mode, some characters may cause out-of-bounds memory access, leading to potentially exploitable crashes. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Astra Linux – Vulnerability in Zabbix
Currently, the geomap configuration Administration - General - Geographical maps allows the use of HTML in the “Attribution text” field when the “Other” Tile provider is selected...
Astra Linux – Vulnerability in golang-golang-x-text
An attacker can cause a denial of service by creating an Accept-Language header that requires ParseAcceptLanguage to take significant time to process...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: kprobes: Fixed a possible use-after-free issue during kprobe registration. When unloading a module, its state changes from MODULE_STATE_LIVE to MODULE_STATE_GOING, and then to MODULE_STATE_UNFORMED. Each of these changes takes some...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fixed bpf_arch_text_poke() when new_addr == NULL again. The commit 7ded842b356d "s390/bpf: Fixed bpf_plt pointer arithmetic" accidentally removed the critical portion of the commit c730fce7c70c "s390/bpf: Fixed bpf_arch_text_poke...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport __init-annotated xfrm4_protocol_init(). EXPORT_SYMBOL and __init are a poor combination, as the .init.text section is freed after initialization. As a result, modules cannot use symbols annotated with __init. Access to a...
Astra Linux – Vulnerability in Thunderbird
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text is never displayed to the user. This is because the text is interpreted as a MIME message, and the first paragraph is always treated as part of an email header section. A digitally signed text...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in Ceph versions prior to 16.y.z, where Ceph stores mgr module passwords in plain text. This can be identified by searching the mgr logs using Grafana and the dashboard, as the passwords are visible...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QEMU built-in VNC server during the processing of ClientCutText messages. An incorrect exit condition may lead to an infinite loop when inflating a zlib buffer controlled by an attacker in the inflate_buffer function. This could allow a remotely authenticated client, wh...