Astra Linux – Vulnerability in Jinja2

Jinja is an extensible templating engine. Prior to version 3.1.6, there was a flaw in how the Jinja sandbox environment interacted with the |attr filter, allowing an attacker who controls the content of a template to execute arbitrary Python code. To exploit this vulnerability, an attacker needed...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15, and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Velocity

An attacker who is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify Velocity templates running Apache...

Astra Linux – Vulnerability in CGal

There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h, specifically in the function SNCioParser::readsloop and slh-twin. An attacker can provide malicious input to trigger this...

Astra Linux – Vulnerability in exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G versions before version 2021.8.22, when a specially crafted NTFS inode pathname is provided in an NTFS image, a heap buffer overflow may occur, leading to memory disclosure, denial of service, and even code execution...

Astra Linux – Vulnerability in Firefox, Thunderbird

Mozilla developers reported memory safety bugs in the code shared between Firefox and Thunderbird. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects...

Astra Linux – Vulnerability in qpdf

A issue was discovered in QPDF version 10.0.4, allowing remote attackers to execute arbitrary code via a crafted .pdf file, through the PlASCII85Decoder::write parameter in libqpdf...

Astra Linux – Vulnerability in busybox

A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function...

Astra Linux – Vulnerability in jupyter-core

Jupyter Core is a package for the core common functionalities of Jupyter projects. Prior to version 4.11.2, Jupyter Core contained an arbitrary code execution vulnerability in “jupytercore,” which stemmed from “jupytercore” executing untrusted files in the CWD environment. This vulnerability...

Astra Linux – Vulnerability in WebKit2GTK

A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7, and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in xorg-server

A heap buffer overflow flaw was discovered in the DisableDevice function of the X.Org server. This issue may cause an application to crash, or in some cases, lead to remote code execution in SSH X11 forwarding environments...

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G versions before version 2021.8.22, when a specially crafted Unicode string is provided in an NTFS image, a heap buffer overflow may occur, allowing code execution...

Astra Linux – Vulnerability in htmldoc

A flaw was discovered in htmldoc before version 1.9.12. A heap buffer overflow in the pspdfprepareoutpages function, located in the ps-pdf.cxx file, may allow for the execution of arbitrary code and cause a denial of service attack...

Astra Linux – Vulnerability in GIMP

GIMP PNM File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...

Astra Linux – Vulnerability in GIMP

GIMP XWD File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability in WebKit2GTK

A type confusion issue has been resolved through improved state handling. This issue is fixed in iOS 14.8, iPadOS 14.8, tvOS 15, iOS 15, and iPadOS 15, Safari 15, and watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

Integer overflow has been addressed through improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...