205792 matches found
Astra Linux – Vulnerability in WebKit2GTK
A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code...
Astra Linux – Vulnerability in Cpio
In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c dsfgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...
Astra Linux – Vulnerability in Zabbix
An attacker who has the privilege to configure Zabbix items can use the icmpping function, along with additional malicious commands, to execute arbitrary code on the current Zabbix server...
Astra Linux – Vulnerability in busybox
There is a stack overflow vulnerability in ash.c:6030 in busybox before version 1.35. In the environment of the Internet of Vehicles, this vulnerability can lead to the execution of arbitrary code from commands...
Astra Linux – Vulnerability in Firefox
Due to unexpected data type conversions, a use-after-free might have occurred when interacting with the font cache. We assume that with sufficient effort, this vulnerability could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88...
Astra Linux – Vulnerability in WebKit2GTK
There is a use-after-free vulnerability in the MediaRecorder API of Webkit GTK 2.40.5. A specially crafted web page can exploit this vulnerability to cause memory corruption and potentially allow for arbitrary code execution. A user would need to visit a malicious webpage in order to trigger this...
Astra Linux – Vulnerability in Firefox
Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 98. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers reported memory safety bugs in the code shared between Firefox and Thunderbird. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects...
Astra Linux – Vulnerability in ffmpeg
In FFmpeg versions prior to 5.1.2, the libavcodec/pthreadframe.c file, used in VLC and other products, leaves stale hwaccel state in worker threads. This allows attackers to trigger a use-after-free and execute arbitrary code under certain circumstances e.g., during hardware reinitialization upon...
Astra Linux – Vulnerability in WebKit2GTK
Processing web content may lead to arbitrary code execution. This issue has been fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, and Safari 17. The issue was addressed through improved memory handling...
Astra Linux – Vulnerability in curl
There is a path traversal vulnerability in the 8.0.0 SFTP implementation of curl. This vulnerability causes the tilde character to be incorrectly replaced when used as a prefix in the first path element. Additionally, the tilde is intended to be used as the first element to indicate a path relati...
Astra Linux – Vulnerability in pillow
Pillow through 10.1.0 allows for arbitrary code execution via the environment parameter. This is a different vulnerability than CVE-2022-22817, which involved the expression parameter...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...
Astra Linux – Vulnerability in WebKit2GTK
A vulnerability related to out-of-bounds reads has been addressed through improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code executio...
Astra Linux – Vulnerability in WebKit2GTK
Integer overflow has been addressed through improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in WebKit2GTK
A race condition has been addressed through improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in ffmpeg
A heap-use-after-free in the avfreep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved state management. This issue is fixed in tvOS 15.5, iOS 15.5, iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, and Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in WebKit2GTK
A type confusion issue has been addressed through improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, and Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a repor...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3, and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution...