486094 matches found
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, resulting in a denial of service or potential code execution through a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 126. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 127...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15, and iPadOS 15. Processing maliciously crafted web content may lead to code execution...
Astra Linux – Vulnerability in sane-backends
A heap buffer overflow in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, known as GHSL-2020-084...
Astra Linux – Vulnerability in ipython
IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to a vulnerability that allows arbitrary code to be executed, due to improper management of cross-user...
Astra Linux – Vulnerability in zsh
In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...
Astra Linux – Vulnerability in libcaca
A flaw was discovered in libcaca v0.99.beta19. A buffer overflow issue in the cacaresize function in libcaca/caca/canvas.c may allow for the execution of arbitrary code in the user context...
Astra Linux – Vulnerability in Firefox
Mozilla developers reported memory safety bugs in Firefox 92. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 93...
Astra Linux – Vulnerability in Linux
It was discovered that the eBPF implementation in the Linux kernel failed to properly track bound information for 32-bit registers when performing division and modulo operations. A local attacker could use this vulnerability to potentially execute arbitrary code...
Astra Linux – Vulnerability in Ruby 2.5
In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...
Astra Linux – Vulnerability in TIF format
An integer overflow flaw was discovered in libtiff, which resides in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and system...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read without sufficient bounds checking, assuming that the USB device provides valid values. If exploited properly, an attacker could cause memory corruption, leading to arbitrary code...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible Engine. This flaw occurs in all versions of Ansible Engine from 2.7.x, 2.8.x, and 2.9.x, as of 2.7.17, 2.8.9, and 2.9.6, respectively. The issue arises when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled. After the...
Astra Linux – Vulnerability in WebKit2GTK
Multiple memory corruption issues have been resolved through improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, and Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in wpa
A vulnerability was discovered in the way p2p/p2ppd.c in wpasupplicant processes P2P Wi-Fi Direct provision discovery requests before version 2.10. This could lead to denial of service or other impacts, potentially including the execution of arbitrary code, if an attacker is within range of the...
Astra Linux – Vulnerability in TIF format
A heap-based buffer overflow flaw was discovered in libtiff, particularly in the handling of TIFF images using libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and...
Astra Linux – Vulnerability in OpenSSL
Issue summary: An application attempting to decrypt messages encrypted using password-based encryption in CMS can trigger an out-of-bounds read and write attack. Impact summary: This out-of-bounds read attack may cause a system crash, leading to a denial of service for the application. The...
Astra Linux – Vulnerability in libgit2
A issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. The checkout.c file mishandles equivalent filenames that exist due to NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected MariaDB installations. Exploiting this vulnerability requires interaction with the mariadb-dump utility, but the attack vectors ma...