Astra Linux - уязвимость в linux-5.10, linux-5.15

A buffer overflow vulnerability was discovered in the Netfilter subsystem of the Linux kernel. This issue could allow the leakage of both stack and heap addresses, and potentially enable Local Privilege Escalation to the root user through arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Processing web content may lead to arbitrary code execution...

Astra Linux - уязвимость в firefox, thunderbird

Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux - уязвимость в e2fsprogs

A out-of-bounds read/write vulnerability was discovered in e2fsprogs 1.46.5. This issue results in a segmentation fault and may allow for arbitrary code execution through a specially crafted filesystem...

Astra Linux - уязвимость в opensc

A heap-based buffer overflow vulnerability was discovered in the libopensc OpenPGP driver. A specially crafted USB device or smart card, containing malicious responses to APDUs during the card enrollment process using the pkcs15-init tool, may lead to unauthorized access, potentially resulting in...

Astra Linux - уязвимость в gst-plugins-good1.0

Integer overflow in the avidemux element within the gstavidemuxinvert function, which allows for a heap overwrite during the parsing of AVI files. There is a potential for arbitrary code execution due to the heap overwrite...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. When performing a symlink lookup, the grub’s UFS module checks the data size of the inode to allocate an internal buffer to read the file content. However, it fails to check whether the data size of the symlink has exceeded its allocated limit. As a result, the...

Astra Linux - уязвимость в ipython

IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to a vulnerability that allows arbitrary code to be executed, due to improper management of cross-user...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...

Astra Linux - уязвимость в openimageio

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially crafted targa file can lead to out-of-bound read and write operations on the process stack, which can result in arbitrary code execution. An attacker can provide a malicious file...

Astra Linux - уязвимость в firefox

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 107. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...

Astra Linux - уязвимость в mariadb-10.3

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2, and iPadOS 17.2, as well as tvOS 17.2. Processing web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as we...

Astra Linux - уязвимость в webkit2gtk

A memory corruption issue has been resolved through improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 v. 14610.4.3.1.7 and 15610.4.3.1.7, watchOS 7.3.2, and macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 126. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 127...

Astra Linux - уязвимость в libreoffice

Improper validation of the array index vulnerability in The Document Foundation LibreOffice’s spreadsheet component allows an attacker to create a spreadsheet document that causes an array index underflow upon loading. In the affected versions of LibreOffice, certain malformed spreadsheet formula...