Astra Linux – Vulnerability in WebKit2GTK

A vulnerable "use-after-free" vulnerability exists in the WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can exploit this vulnerability, leading to remote code execution. The victim must visit a malicious website to trigger the vulnerability...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved state management. This issue is fixed in tvOS 15.5, iOS 15.5, iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, and Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in bind9

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of the Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Redis improperly handles the resizing of memory buffers, which can lead to integer overflow, resulting in heap overflow and potential remote code execution. This issue has been fixed in versions 7.0.15 and 7.2.4...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

Astra Linux – Vulnerability in libarchive

Libarchive Remote Code Execution Vulnerability...

Astra Linux – Vulnerability in hdf5

HDF5 versions 1.14.3 and earlier contain a buffer overflow vulnerability in H5Olinfodecode, which leads to corruption of the instruction pointer and causes denial of service or potential code execution...

Astra Linux – Vulnerability in ffmpeg, ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through libavfilter/afstereowiden.c:120:69...

Astra Linux – Vulnerability in htmldoc

A flaw was discovered in htmldoc commit 31f7804. A heap buffer overflow in the pdfwritenames function in ps-pdf.cxx may lead to arbitrary code execution and a Denial of Service DoS attack...

Astra Linux – Vulnerability in xorg-server

A use-after-free vulnerability was discovered in the ProcRenderAddGlyphs function of Xorg servers. This issue arises when the AllocateGlyph function is called to store new glyphs sent by the client to the X server. As a result, multiple entries may point to the same non-refcounted glyphs...

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

Astra Linux – Vulnerability in CGal

There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1, specifically in the NefS2/SNCioparser.h file, within the SNCioparser::readsface and storesmboundaryitem functions. A specially crafted, malformed file can lead to an out-of-bounds read and...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4, as well as iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report...

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

A discrepancy in how Go and C/C++ comments are parsed allowed for code to be smuggled into the resulting cgo binary...

Astra Linux – Vulnerability in Firefox, Thunderbird

Memory safety bugs exist in Firefox 110 and Firefox ESR 102.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions less than 111,...

Astra Linux – Vulnerability in cups-filters

CUPS is a standards-based, open-source printing system. cups-browsed includes network printing functionality, which encompasses, but is not limited to, the ability to automatically discover print services and shared printers. cups-browsed binds to INADDRANY:631, allowing it to accept packets from...

Astra Linux – Vulnerability in Apache Log4j1.2

The JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service to which the attacker has access. The attacker can provide a...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5, and iPadOS 16.7.5; iOS 17.3, and iPadOS 17.3; macOS Sonoma 14.3; tvOS 17.3; and watchOS 10.3. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Xen

Potential speculative code storage bypasses exist in all supported CPU products. Combined with software vulnerabilities related to speculative execution of overwritten instructions, this could lead to incorrect speculation and potentially cause data leakage...