Astra Linux – Vulnerability in GhostScript

A issue was discovered in psi/zfile.c in Artifex Ghostscript prior to version 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disablegpgcheck parameter is set to False—which is the default...

Astra Linux – Vulnerability in Firefox

Due to unexpected data type conversions, a use-after-free might have occurred when interacting with the font cache. We assume that with sufficient effort, this vulnerability could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2, and iPadOS 17.7.2; iOS 18.1.1 and iPadOS 18.1.1; macOS Sequoia 15.1.1; and visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in WebKit2GTK

Multiple memory corruption issues have been resolved through improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

Astra Linux – Vulnerability in Vim

Vim is an open-source, command-line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin could allow overwriting of arbitrary files when opening specially crafted zip archives. The impact is limited because this exploit requires direct user interaction. However,...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15, and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Velocity

An attacker who is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify Velocity templates running Apache...

Astra Linux – Vulnerability in exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...

Astra Linux – Vulnerability in Pandoc

Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file-write vulnerability. This vulnerability could be exploited by including a...

Astra Linux – Vulnerability in ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through libavutil/imgutils.c:353:9 in the imagecopyplane function...

Astra Linux – Vulnerability in Firefox, Thunderbird

Mozilla developers reported memory safety bugs in the code shared between Firefox and Thunderbird. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects...

Astra Linux – Vulnerability in WebKit2GTK

A type confusion issue has been resolved through improved state handling. This issue is fixed in iOS 14.8, iPadOS 14.8, tvOS 15, iOS 15, and iPadOS 15, Safari 15, and watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

Integer overflow has been addressed through improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2, iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, and iTunes 12.11 for Windows...

Astra Linux – Vulnerability in libtommath

An integer overflow vulnerability exists in the mpgrow function within the libtom library, as reported in commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9. This vulnerability allows attackers to execute arbitrary code and cause a denial of service DoS attack...