486012 matches found
Astra Linux – Vulnerability in grub2
There is a use-after-free vulnerability in the grubcmdchainloader function. The chainloader command is used to boot up operating systems that do not support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered...
Astra Linux – Vulnerability in zsh
In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...
Astra Linux – Vulnerability in ntfs-3g
In NTFS-3G versions before version 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfsinoderealopen, a heap buffer overflow can occur, allowing code execution and escalation of privileges...
Astra Linux – Vulnerability in WebKit2GTK
A type confusion issue has been resolved through improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in wpa
A vulnerability was discovered in the way p2p/p2ppd.c in wpasupplicant processes P2P Wi-Fi Direct provision discovery requests before version 2.10. This could lead to denial of service or other impacts, potentially including the execution of arbitrary code, if an attacker is within range of the...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer MXF File Parsing: Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer H265 Parsing: Stack-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer MXF File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. In Redis 7.0, before version 7.0.12, extracting key names from a command and a list of arguments could, in some cases, trigger a heap overflow, leading to the reading of random heap memory, heap corruption, and potentially remote code...
Astra Linux – Vulnerability in Firefox, Thunderbird
Memory safety bugs exist in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 109 and Firefox ESR 102.7. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions less than 110 and...
Astra Linux – Vulnerability in gpsd
In gpsd, before committing dc966aa, there is a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the...
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, resulting in a denial of service or potential code execution through a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to cause an integer overflow, potentially leading to remote code execution. This issue exists in all versions of Redis that support...
Astra Linux – Vulnerability in libstb
STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A properly crafted file may trigger an out-of-buffer write in the startdecoder function, because the maximum number of m-submaps is 16, but submapfloor and submapresidue are declared as arrays of 15 elements...
Astra Linux – Vulnerability in Thunderbird, Firefox
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs in Thunderbird 102.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute...
Astra Linux – Vulnerability in Tomcat9
Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...
Astra Linux – Vulnerability in Heimdal, KRB5
PAC parsing in MIT Kerberos 5 also known as krb5 before versions 1.19.4 and 1.20.x before version 1.20.1 contains integer overflows that may lead to remote code execution in the KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms. This results in a heap-based buffer overflow...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Astra Linux – Vulnerability in exempi
The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...