Astra Linux – Vulnerability in Apache Log4j2

Apache Log4j2 versions 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 have JNDI features that are used in configuration, log messages, and parameters. However, these features do not protect against attacks from controlled LDAP endpoints and other JNDI-related...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2, iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, and iTunes 12.11 for Windows...

Astra Linux – Vulnerability in Apache2

Double-free operations and a potential RCE vulnerability exist in the Apache HTTP Server with the HTTP/2 protocol. This issue affects the Apache HTTP Server version 2.4.66. Users are recommended to upgrade to version 2.4.67, as this version fixes the vulnerability...

Astra Linux – Vulnerability in libtommath

An integer overflow vulnerability exists in the mpgrow function within the libtom library, as reported in commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9. This vulnerability allows attackers to execute arbitrary code and cause a denial of service DoS attack...

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer PGS File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack...

Astra Linux – Vulnerability in Zabbix

The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...

Astra Linux – Vulnerability in ffmpeg5

Buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code and cause a denial of service DoS via the afdialoguenhance.c:261:5 in the destereo component...

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. A integer overflow bug in the ziplist data structure used in all versions of Redis can be exploited to corrupt the heap and potentially lead to remote code execution. The vulnerability involves modifying the default ziplist...

Astra Linux – Vulnerability in libspf2

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing o...

Astra Linux – Vulnerability in Mariadb 10.3

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server up to 2021-03-03; and the wsrep patch up to 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUP...

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue arises from the lack of proper locking when performing operations on an object. An attacker can...

Astra Linux – Vulnerability in unrar-nonfree

RARLAB WinRAR Recovery Volume: Improper validation of array index leads to remote code execution vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability, as the targe...

Astra Linux – Vulnerability in Apache Log4j2

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI, provided that the attacker has control over the target LDAP server. Thi...

Astra Linux – Vulnerability in Linux

The mwifiexcmd80211adhocstart function in the drivers/net/wireless/marvell/mwifiex/join.c file within the Linux kernel, as of version 5.10.4, may allow remote attackers to execute arbitrary code by using a long SSID value, also known as CID-5c455c5ab332...

Astra Linux – Vulnerability in WebKit2GTK

A out-of-bounds write issue has been addressed through improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7, and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, and tvOS 16. Processing maliciously crafted web content may lead to arbitrary code...

Astra Linux – Vulnerability in busybox

A use-after-free in Busybox 1.35-x’s awk applet leads to denial of service and potentially code execution when processing a crafted awk pattern in the copyvar function...

Astra Linux – Vulnerability in Firefox

Mozilla developers reported memory safety bugs in Firefox 86. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 87...

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in the psql interactive terminal of PostgreSQL in versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20, and prior to 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary cod...

Astra Linux – Vulnerability in Thunderbird

Members of the Mozilla Fuzzing Team reported memory safety bugs in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. Thi...

Astra Linux – Vulnerability in Zabbix

An attacker who has the privilege to configure Zabbix items can use the icmpping function, along with additional malicious commands, to execute arbitrary code on the current Zabbix server...