1085323 matches found
Astra Linux – Vulnerability in ffmpeg
In FFmpeg versions prior to 5.1.2, the libavcodec/pthreadframe.c file, used in VLC and other products, leaves stale hwaccel state in worker threads. This allows attackers to trigger a use-after-free and execute arbitrary code under certain circumstances e.g., during hardware reinitialization upon...
Astra Linux – Vulnerability in libmysofa
A buffer overflow in the readDataVar function in hdf/dataobject.c within Symonics’ libmysofa 0.5 – 1.1 allows attackers to execute arbitrary code through a crafted SOFA...
Astra Linux – Vulnerability in CGal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h: SNCioParser::readsface sfh-boundaryentryobjects Sloopof. A specially crafted, malformed file can lead to an out-of-bounds re...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qedf: Make qedfexecutetmf non-preemptible Stop calling smpprocessorid from preemptible code in qedfexecutetmf90. This results in BUGON when running an RT kernel. 659.343280 BUG: Using smpprocessorid in preemptible 000000...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Astra Linux – Vulnerability in TIF format
A heap-based buffer overflow flaw was discovered in libtiff, particularly in the handling of TIFF images using libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and...
Astra Linux - Vulnerability in Rails
A potential vulnerability that could lead to remote code execution RCE exists when using YAML-serialized columns in Active Record versions prior to 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1, which could allow an attacker capable of manipulating data in the database through means such as SQL injectio...
Astra Linux – Vulnerability in libpgjava
pgjdbc is the official PostgreSQL JDBC Driver. A security flaw was discovered in the JDBC driver for the postgresql database during security research. Systems that use the postgresql library will be vulnerable when an attacker controls the JDBC URL or connection properties. pgjdbc creates plugin...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, iOS 15.4, iPadOS 15.4, tvOS 15.4, and Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code...
Astra Linux – Vulnerability in cups-filters
“Cups-filters” contains backends, filters, and other software necessary to enable the “cups printing service” on operating systems other than macOS. In versions 2.0.1 and earlier, a heap-buffer-overflow vulnerability in the “rastertopclx” filter caused the program to crash with a segmentation fau...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Memory issue: tegra20-emc – fixed a bug related to references to OF nodes in tegraemcfindnodebyramcode. When the offindnodebyname function releases the reference to the argument “device node”, the tegraemcfindnodebyramcode functi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: MAC comparisons need to be performed in constant time. To prevent timing attacks, MAC comparisons must be done in constant time. Replace the memcmp function with the correct function, cryptomemneq...
Astra Linux – Vulnerability in Batik
A vulnerability in Batik of Apache XML Graphics allows an attacker to execute untrusted Java code from an SVG. This issue affects Apache XML Graphics versions prior to 1.16. It is recommended to update to version 1.16...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 96 and Firefox ESR 91.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in ffmpeg, ffmpeg5
A buffer overflow vulnerability exists in Ffmpeg v.n6.1-3-g466799d4f5, allowing a local attacker to execute arbitrary code through the ffbwdiffilterintrac function in the libavfilter/bwdifdsp.c:125:5 component...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in watchOS 10, iOS 17, iPadOS 17, tvOS 17, macOS Sonoma 14, and Safari 17. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in p7zip
7-Zip is a file archiver with a high compression ratio. Versions 26.00 and earlier contained a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB. This vulnerability could allow attackers to execute arbitrary code or cause...
Astra Linux – Vulnerability in Chromium
The use of after-free in V8 in Google Chrome before version 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...