Astra Linux – Vulnerability in Zabbix

The Zabbix Agent 2 smartctl plugin does not properly sanitize the parameters of the smart.disk.get command, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0, this allows for remote code execution...

Astra Linux – Vulnerability in ffmpeg

In FFmpeg versions prior to 5.1.2, the libavcodec/pthreadframe.c file, used in VLC and other products, leaves stale hwaccel state in worker threads. This allows attackers to trigger a use-after-free and execute arbitrary code under certain circumstances e.g., during hardware reinitialization upon...

Astra Linux – Vulnerability in libmysofa

A buffer overflow in the readDataVar function in hdf/dataobject.c within Symonics’ libmysofa 0.5 – 1.1 allows attackers to execute arbitrary code through a crafted SOFA...

Astra Linux – Vulnerability in CGal

There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h: SNCioParser::readsface sfh-boundaryentryobjects Sloopof. A specially crafted, malformed file can lead to an out-of-bounds re...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability in Chromium

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Astra Linux – Vulnerability in Firefox and Thunderbird

Mozilla developers and community members reported memory safety bugs in Firefox 93 and Firefox ESR 91.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...

Astra Linux – Vulnerability in TIF format

A heap-based buffer overflow flaw was discovered in libtiff, particularly in the handling of TIFF images using libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed Buffer Underwrite, which could allow unauthenticated remote attackers to execute arbitrary commands. This is because smtpungetc was only intended for pushing back characters, but it can actually be used to push back non-character error codes, such as EOF...

Astra Linux - Vulnerability in Rails

A potential vulnerability that could lead to remote code execution RCE exists when using YAML-serialized columns in Active Record versions prior to 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1, which could allow an attacker capable of manipulating data in the database through means such as SQL injectio...

Astra Linux – Vulnerability in libpgjava

pgjdbc is the official PostgreSQL JDBC Driver. A security flaw was discovered in the JDBC driver for the postgresql database during security research. Systems that use the postgresql library will be vulnerable when an attacker controls the JDBC URL or connection properties. pgjdbc creates plugin...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, iOS 15.4, iPadOS 15.4, tvOS 15.4, and Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code...

Astra Linux – Vulnerability in cups-filters

“Cups-filters” contains backends, filters, and other software necessary to enable the “cups printing service” on operating systems other than macOS. In versions 2.0.1 and earlier, a heap-buffer-overflow vulnerability in the “rastertopclx” filter caused the program to crash with a segmentation fau...

Astra Linux – Vulnerability in gdk-pixbuf

In GNOME GdkPixbuf also known as gdk-pixbuf up to version 2.42.10, the ANI decoder used for Windows animated cursors encounters heap memory corruption when parsing chunks from a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, resulting in a denial-of-service...

Astra Linux – Vulnerability in exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a Buffer Underflow vulnerability, which could lead to the execution of arbitrary code in the context of the current user. Exploiting this issue requires user interaction, as the victim must open a malicious file...

Astra Linux – Vulnerability in Firefox and Thunderbird

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 96 and Firefox ESR 91.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...

Astra Linux – Vulnerability in Thunderbird, Firefox

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird...

Astra Linux – Vulnerability in busybox

A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handlespecial function...

Astra Linux – Vulnerability in Git

Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...

Astra Linux – Vulnerability in Firefox and Thunderbird

The Mozilla Fuzzing Team reported potential vulnerabilities in Thunderbird 91.10. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these vulnerabilities could have been exploited to execute arbitrary code. This vulnerability affects Firef...