Astra Linux – Vulnerability in WebKit2GTK

A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, and iPadOS 15.7.6, Safari 16.5, iOS 16.5, and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4, as well as iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 114. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 115...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved restrictions. This issue is fixed in iOS 16.6, iPadOS 16.6, watchOS 9.6, tvOS 16.6, and macOS Ventura 13.5. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved checks. This issue has been fixed in tvOS 17, Safari 17, watchOS 10, iOS 17, and iPadOS 17, as well as macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5, and iPadOS 16.7.5; iOS 17.3, and iPadOS 17.3; macOS Sonoma 14.3; tvOS 17.3; and watchOS 10.3. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

A type confusion issue was addressed through improved checks. This issue has been fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, and visionOS 1.0.2. Processing...

Astra Linux – Vulnerability in WebKit2GTK

Integer overflow has been addressed through improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, and visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in libgit2

libgit2 is a portable C implementation of the Git core methods, provided as a linkable library with a robust API. It allows for integrating Git functionality into your application. However, using properly crafted inputs to gitindexadd can lead to heap corruption, which may be exploited for...

Astra Linux – Vulnerability in Firefox

Mozilla developers Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 99. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. Th...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2, iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, and iTunes 12.11 for Windows...

Astra Linux – Vulnerability in libtommath

An integer overflow vulnerability exists in the mpgrow function within the libtom library, as reported in commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9. This vulnerability allows attackers to execute arbitrary code and cause a denial of service DoS attack...

Astra Linux – Vulnerability in libnbd

A flaw was discovered in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with ‘-o’ are incorrectly interpreted as arguments for the Secure Shell SSH...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. Processing maliciously crafted web content may...

Astra Linux – Vulnerability in libfile-find-rule-perl

File::Find::Rule in Perl version 0.34 is vulnerable to arbitrary code execution when grep encounters a crafted filename. A file handle is opened using the 2-argument form of open, allowing an attacker-controlled filename to specify the MODE parameter, thereby turning the filename into an executab...

Astra Linux – Vulnerability in tpm2-tss

tpm2-tss is an open-source software implementation of the Trusted Computing Group’s Trusted Platform Module 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, functions Tss2RCSetHandler and Tss2RCDecode both indexed into layerhandler using an 8-bit layer number. However,...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145, and Thunderbird 145. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability wa...