486010 matches found
Astra Linux – Vulnerability in Erlang
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server might allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in the SSH protocol’s message handling, a malicious...
Astra Linux – Vulnerability in amd64-microcode
Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...
Astra Linux – Vulnerability in hdf5
There is an out-of-bounds write vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in gdk-pixbuf
In GNOME GdkPixbuf also known as gdk-pixbuf up to version 2.42.10, the ANI decoder used for Windows animated cursors encounters heap memory corruption when parsing chunks from a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, resulting in a denial-of-service...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, providing invalid parameters to the parameterized query may cause PHP to attempt to free memory by using uninitialized data as pointers. This could lead to a RCE vulnerabilit...
Astra Linux – Vulnerability in exempi
The XMP Toolkit version 2020.1 and earlier versions is affected by a Buffer Underflow vulnerability, which could lead to the execution of arbitrary code in the context of the current user. Exploiting this issue requires user interaction, as the victim must open a malicious file...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc in version 1.9.12. A heap buffer overflow in pspdfpreparepage, located in ps-pdf.cxx, may allow for the execution of arbitrary code and cause a denial of service attack...
Astra Linux – Vulnerability in GIMP
GIMP PSP File Parsing: An Off-by-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicio...
Astra Linux – Vulnerability in GIMP
GIMP PSD File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 109. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 110...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer MXF File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...
Astra Linux – Vulnerability in Thunderbird, Firefox
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird...
Astra Linux – Vulnerability in Qemu
A use-after-free vulnerability was discovered in the am53c974 SCSI host bus adapter emulation in QEMU in versions prior to 6.0.0, during the handling of the ‘Information Transfer’ command CMDTI. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial ...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc in v1.9.12 and earlier versions. A stack buffer overflow in the parsetable function in ps-pdf.cxx may allow for the execution of arbitrary code and cause a denial of service attack...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code...
Astra Linux – Vulnerability in CGal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1, specifically in the NefS2/SNCioparser.h file, within the SNCioParser::readsface and sfh-volume functions. A specially crafted, malformed file can lead to an out-of-bounds read and type...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution...
Astra Linux – Vulnerability in GIMP
GIMP DCM File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in libstb
STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may trigger an out-of-bounds write operation in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz causes an...