Astra Linux – Vulnerability in Apache Log4j2

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI, provided that the attacker has control over the target LDAP server. Thi...

Astra Linux – Vulnerability in openjpeg2

A heap-buffer overflow was discovered in the way openjpeg2 handles certain PNG format files. An attacker could exploit this flaw to cause an application to crash, or in some cases to execute arbitrary code with the permission of the user running such an application...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, deleting offscreen bitmaps caused gdi-drawing to point to freed memory, leading to UAF when related update packets arrived. A malicious server could trigger client-side use after the objects were freed,...

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

Astra Linux – Vulnerability in busybox

A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

Astra Linux – Vulnerability in TIF format

A vulnerability was discovered in libtiff due to multiple potential integer overflows in the raw2tiff.c file. This flaw allows remote attackers to cause a denial of service or potentially execute arbitrary code through a crafted TIF image, triggering a heap-based buffer overflow...

Astra Linux – Vulnerability in TIF format

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service application crash or potentially execute arbitrary code through a crafted TIFF image, which triggers a heap-based buffer overflow...

Astra Linux – Vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises due to issues with the length validation of the handler for the XIChangeProperty request, leading to out-of-bounds memory reads and potential information disclosure. This issue can result in elevation of local privileges on system...

Astra Linux – Vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges escalation on systems where the X server is running with privileged access, and may...

Astra Linux – Vulnerability in Firefox

Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 112. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...

Astra Linux – Vulnerability in xorg-server

A flaw was discovered in the X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can lead to a heap buffer overflow condition, which may result in an application...

Astra Linux – Vulnerability in libx11

The LookupCol.c file in X.Org X, as well as versions of X11 such as X11R7.7 and libX11 before version 1.7.1, may allow remote attackers to execute arbitrary code. The libX11 XLookupColor function, intended for server-side color lookups, contains a flaw that allows a client to send color-name...

Astra Linux – Vulnerability in WebKit2GTK

A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users are affected as long ...

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfs: Do not propagate ENODATA disk errors into the xattr code. ENODATA also known as ENOATTR has a very specific meaning in the xfs xattr code: it indicates that the requested attribute name could not be found. However, a medium...

Astra Linux – Vulnerability in grub2

The GRUB2’s shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, thereby breaking the secure boot trust-chain...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved bounds checks. This issue has been fixed in tvOS 15.6, watchOS 8.7, iOS 15.6, and iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability in Firefox

Insufficient validation in the Drag and Drop API, combined with social engineering, may have allowed an attacker to trick end-users into creating shortcuts to local system files. This could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 115...