Astra Linux – Vulnerability in p7zip

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and earlier contained a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB. This vulnerability could allow attackers to execute arbitrary code or cause...

Astra Linux – Vulnerability in Chromium

The use of after-free in V8 in Google Chrome before version 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Firefox

Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 105. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...

Astra Linux – Vulnerability in OpenSSH

Using SSH in OpenSSH before version 10.1 allows for the use of the '\0' character in an SSH URI. This could potentially lead to code execution when a ProxyCommand is used...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Ventura 13, iOS 16.1, iPadOS 16, and Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in TIF format

An integer overflow flaw was discovered in libtiff, which resides in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and system...

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying metadata of image files. A heap buffer overflow has been discovered in Exiv2 versions v0.27.3 and earlier. The heap overflow occurs when Exiv2 is used to write metadata into a specially crafted image fil...

Astra Linux – Vulnerability in h2database

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes the class name of the driver and the URL of the database as parameters. An attacker may pass in a JNDI driver name and a URL that points to an LDAP or RMI server, allowing for remote code execution. This vulnerability can be...

Astra Linux – Vulnerability in Firefox, Thunderbird

If a user were convinced to drag and drop an image onto their desktop or another folder, the resulting object could be transformed into an executable script that would execute arbitrary code upon the user clicking on it. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91....

Astra Linux – Vulnerability in Firefox, Thunderbird

Mozilla developers and community members reported memory safety bugs in Firefox 86 and Firefox ESR 78.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...

Astra Linux – Vulnerability in WebKit2GTK

A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in libfile-find-rule-perl

File::Find::Rule in Perl version 0.34 is vulnerable to arbitrary code execution when grep encounters a crafted filename. A file handle is opened using the 2-argument form of open, allowing an attacker-controlled filename to specify the MODE parameter, thereby turning the filename into an executab...

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream, if the library is used in versions outside the box with...

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users are affected as long ...

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...