113932 matches found
Astra Linux - уязвимость в exempi
The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...
Astra Linux - уязвимость в libfile-find-rule-perl
File::Find::Rule in version 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. The open function is called with the 2-argument form, allowing an attacker-controlled filename to specify the MODE parameter. This turns the filename into an executable...
Astra Linux - уязвимость в firefox
Memory safety bugs exist in Firefox 109. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 110...
Astra Linux - уязвимость в firefox, thunderbird
Memory safety bugs exist in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...
Astra Linux - уязвимость в webkit2gtk
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, and iPadOS 15.7.6, Safari 16.5, iOS 16.5, and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux - уязвимость в webkit2gtk
Integer overflow has been addressed through improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux - уязвимость в webkit2gtk
The issue was resolved through improved bounds checks. This issue has been fixed in tvOS 15.6, watchOS 8.7, iOS 15.6, and iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6. Processing web content may lead to arbitrary code execution...
Astra Linux - уязвимость в webkit2gtk
This issue has been resolved through improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3, and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux - уязвимость в exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by an improper input validation vulnerability, which may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux - уязвимость в firefox, thunderbird
Memory safety bugs exist in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142, and Thunderbird 142. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...
Astra Linux - уязвимость в busybox
There is a stack overflow vulnerability in ash.c:6030 in busybox before version 1.35. In the environment of the Internet of Vehicles, this vulnerability can lead to the execution of arbitrary code from commands...
Astra Linux - уязвимость в webkit2gtk
The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...
Astra Linux - уязвимость в zsh
In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...
Astra Linux - уязвимость в git
Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...
Astra Linux - уязвимость в grub2
There is a use-after-free vulnerability in the grubcmdchainloader function. The chainloader command is used to boot up operating systems that do not support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered...
Astra Linux - уязвимость в webkit2gtk
Integer overflow has been addressed through improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, and visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux - уязвимость в ffmpeg
In FFmpeg versions prior to 5.1.2, the libavcodec/pthreadframe.c file, used in VLC and other products, leaves stale hwaccel state in worker threads. This allows attackers to trigger a use-after-free and execute arbitrary code under certain circumstances e.g., during hardware reinitialization upon...
Astra Linux - уязвимость в libgsf
There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...
Astra Linux - уязвимость в webkit2gtk
A memory corruption issue has been resolved through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4, as well as iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report...