Astra Linux – Vulnerability in htmldoc

A flaw was discovered in htmldoc before version 1.9.12. A heap buffer overflow in the pspdfprepareoutpages function, located in the ps-pdf.cxx file, may allow for the execution of arbitrary code and cause a denial of service attack...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disablegpgcheck parameter is set to False—which is the default...

Astra Linux – Vulnerability in busybox

A use-after-free in Busybox 1.35-x’s awk applet leads to denial of service and potentially code execution when processing a crafted awk pattern in the copyvar function...

Astra Linux – Vulnerability in hsqldb

Those who use java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL Database to process untrusted input may be vulnerable to a remote code execution attack. By default, it is allowed to call any static method of any Java class in the classpath, resulting in code execution. This issu...

Astra Linux – Vulnerability in Axis

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it might not have been obvious that using “ServiceFactory.getService” could lead to potentially dangerous operations, such as LDAP queries. Passing untrusted input to this API method could expose the application to DoS,...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06, where it incorrectly enabled the use of the ACPI command when Secure Boot was enabled. This flaw allows an attacker with privileged access to create a Secondary System Description Table SSDT containing code that can overwrite the Linux...

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream, if the library is used in versions outside the box with...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: crypto: marvell/octeontx – prevents integer overflows The value of “codelength” comes from the firmware file. If your firmware is untrusted, there’s likely very little you can do to protect yourself. Nevertheless, we still try...

Astra Linux – Vulnerability in Inkscape

Inkscape version 0.91 is vulnerable to a out-of-bounds write vulnerability, which may allow an attacker to arbitrarily execute code...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

Astra Linux – Vulnerability in WebKit2GTK

A out-of-bounds write issue has been addressed through improved bounds checking. This issue is fixed in iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report indicating that...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

The “Use After Free” vulnerability in the Linux kernel allows for the execution of code in a local environment on Linux, x86, and ARM bluetooth modules. This vulnerability is associated with program files located at https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C...

Astra Linux – Vulnerability in jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS...

Astra Linux – Vulnerability in WebKit2GTK

A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6, and iPadOS 15.7.6, Safari 16.5, iOS 16.5, and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2, as well as watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved checks. This issue has been fixed in tvOS 17, Safari 17, watchOS 10, iOS 17, and iPadOS 17, as well as macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. The URLs for Mercurial repositories in the composer.json file at the root level, as well as the source download URLs, are not sanified correctly. Specifically crafted URL values allow code to be executed via the HgDriver if hg/Mercurial is installed on th...

Astra Linux – Vulnerability in StrongSwan

StrongSwan before version 5.9.12 has a buffer overflow vulnerability, and there is a possibility of unauthenticated remote code execution through a DH public key value that exceeds the internal buffer of charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur through a...

Astra Linux – Vulnerability in openimageio

A buffer overflow vulnerability exists in OpenImageIO v.2.4.12.0 and earlier versions. This vulnerability allows a remote attacker to execute arbitrary code and obtain sensitive information through a crafted file sent to the readimg function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disabling period-elapsed work when closing PCM The avsdaifeshutdown function handles the shutdown procedure for the HOST HAudio stream. Period-elapsed work processes its IRQs. Since the former frees the DAI’s...