485987 matches found
Astra Linux – Vulnerability in jqueryui
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, and iPadOS 15.7.6, Safari 16.5, iOS 16.5, and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2, as well as watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in openimageio
A buffer overflow vulnerability exists in OpenImageIO v.2.4.12.0 and earlier versions. This vulnerability allows a remote attacker to execute arbitrary code and obtain sensitive information through a crafted file sent to the readimg function...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers and community members reported memory safety bugs in Firefox 93 and Firefox ESR 91.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed Buffer Underwrite, which could allow unauthenticated remote attackers to execute arbitrary commands. This is because smtpungetc was only intended for pushing back characters, but it can actually be used to push back non-character error codes, such as EOF...
Astra Linux – Vulnerability in Apache Log4j1.2
The JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service to which the attacker has access. The attacker can provide a...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...
Astra Linux – Vulnerability in TIF format
A vulnerability was discovered in libtiff due to multiple potential integer overflows in the raw2tiff.c file. This flaw allows remote attackers to cause a denial of service or potentially execute arbitrary code through a crafted TIF image, triggering a heap-based buffer overflow...
Astra Linux – Vulnerability in TIF format
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service application crash or potentially execute arbitrary code through a crafted TIFF image, which triggers a heap-based buffer overflow...
Astra Linux – Vulnerability in xorg-server
A vulnerability was discovered in X.Org. This security flaw arises due to issues with the length validation of the handler for the XIChangeProperty request, leading to out-of-bounds memory reads and potential information disclosure. This issue can result in elevation of local privileges on system...
Astra Linux – Vulnerability in xorg-server
A vulnerability was discovered in X.Org. This security flaw arises because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges escalation on systems where the X server is running with privileged access, and may...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in the X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can lead to a heap buffer overflow condition, which may result in an application...
Astra Linux – Vulnerability in libx11
The LookupCol.c file in X.Org X, as well as versions of X11 such as X11R7.7 and libX11 before version 1.7.1, may allow remote attackers to execute arbitrary code. The libX11 XLookupColor function, intended for server-side color lookups, contains a flaw that allows a client to send color-name...
Astra Linux – Vulnerability in ffmpeg
A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...
Astra Linux – Vulnerability in ffmpeg, ffmpeg5
A buffer overflow vulnerability exists in Ffmpeg v.n6.1-3-g466799d4f5, allowing a local attacker to execute arbitrary code through the ffbwdiffilterintrac function in the libavfilter/bwdifdsp.c:125:5 component...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in watchOS 10, iOS 17, iPadOS 17, tvOS 17, macOS Sonoma 14, and Safari 17. Processing web content may lead to arbitrary code execution...