486004 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in lxml

An XSS vulnerability was discovered in the python-lxml’s clean module versions prior to 4.6.3. When the “safe_attrs_only” and “forms” arguments are disabled, the Cleaner class does not remove the “formaction” attribute, allowing JavaScript to bypass the sanitizer. A remote attacker could exploit th...

CVSS 6.1 | AI score 6.8 | EPSS 0.04002
Exploits: 1 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in faad2

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. This allows an attacker to cause code execution...

CVSS 7.8 | AI score 7.5 | EPSS 0.01219
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in ntfs-3g

NTFS-3G versions prior to 2021.8.22 may experience a stack buffer overflow when correcting differences between the MFT Mounted File Table and MFTMirror. This can lead to code execution or an escalation of privileges when using the setuid-root account...

CVSS 7.8 | AI score 7.4 | EPSS 0.00445
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2, as well as watchOS 9.2. Processing maliciously crafted web content may le...

CVSS 8.8 | AI score 8.1 | EPSS 0.34574
Exploits: 2 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in exim4

Exim: Improper Neutralization of Special Elements Leading to Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected Exim installations. Authentication is not required to exploit this vulnerability. The specific flaw resides within the...

CVSS 9.8 | AI score 8.6 | EPSS 0.05673
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 110. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 111...

CVSS 8.8 | AI score 8.3 | EPSS 0.00545
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Firefox, Thunderbird

When Responsive Design Mode was enabled, it used references to objects that had previously been freed. We assume that with sufficient effort, this could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVSS 8.8 | AI score 7.1 | EPSS 0.01214
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. In affected versions, an integer overflow bug in Redis can be exploited to corrupt the heap and potentially lead to remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...

CVSS 7.5 | AI score 6.8 | EPSS 0.03688
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 11 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

CVSS 10 | AI score 8.9 | EPSS 0.02191
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

CVSS 10 | AI score 8.9 | EPSS 0.02191
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...

CVSS 10 | AI score 8.9 | EPSS 0.02186
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in libsdl2, libsdl1.2

There is a heap overflow issue in the video/SDL_pixels.c file in SDL (Simple DirectMedia Layer) versions 2.x to 2.0.18. By creating a malicious .BMP file, an attacker can cause the application using this library to crash, result in a denial of service, or lead to code execution...

CVSS 8.8 | AI score 7 | EPSS 0.01986
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in gstreamer1.0, gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

CVSS 9.8 | AI score 7.7 | EPSS 0.01344
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in openimageio

There are multiple memory corruption vulnerabilities in the IFFOutput alignment padding functionality of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger...

CVSS 8.1 | AI score 8.9 | EPSS 0.01845
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Firefox, Thunderbird

When handling keypress events, an attacker might have been able to trick a user into bypassing the “Open Executable File?” confirmation dialog. This could have led to the execution of malicious code. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

CVSS 8.8 | AI score 6.9 | EPSS 0.00762
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in joblib

The joblib package, from version 0 and before 1.2.0, is vulnerable to Arbitrary Code Execution through the pre_dispatch flag in the Parallel class, due to the eval statement...

CVSS 9.8 | AI score 7.1 | EPSS 0.01893
Exploits: 1 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in WebKit2GTK

This issue has been addressed through improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to code execution...

CVSS 8.8 | AI score 6.9 | EPSS 0.01788
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in ffmpeg5

FFmpeg v.n6.1-3-g466799d4f5 allows for memory consumption when using the colorcorrect filter, specifically in the av_malloc function located at line 105:9 of the libavutil/mem.c file...

CVSS 7.8 | AI score 6.7 | EPSS 0.00377
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, and Safari 16.6. Processing web content may lead to arbitrary code execution...

CVSS 8.8 | AI score 8.1 | EPSS 0.01102
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in SOX

A heap buffer overflow vulnerability was discovered in sox, specifically in the startread function at sox/src/hcom.c:160:41. This flaw can lead to denial of service, code execution, or information disclosure...

CVSS 7.8 | AI score 8.3 | EPSS 0.00273
Exploits: 0 | References: 1