1085365 matches found
Astra Linux – Vulnerability in qpdf
A issue was discovered in QPDF version 10.0.4, allowing remote attackers to execute arbitrary code via a crafted .pdf file, through the PlASCII85Decoder::write parameter in libqpdf...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed a UAF in the panthorgemcreatewithhandle function’s debugfs code. The object may potentially have already been deleted after the drmgemobjectput call. In general, the object should be fully constructed before...
Astra Linux – Vulnerability in PostgresSQL 11
A flaw was discovered in the psql interactive terminal of PostgreSQL in versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20, and prior to 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary cod...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function...
Astra Linux – Vulnerability in jupyter-core
Jupyter Core is a package for the core common functionalities of Jupyter projects. Prior to version 4.11.2, Jupyter Core contained an arbitrary code execution vulnerability in “jupytercore,” which stemmed from “jupytercore” executing untrusted files in the CWD environment. This vulnerability...
Astra Linux – Vulnerability in WebKit2GTK
A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7, and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in xorg-server
A heap buffer overflow flaw was discovered in the DisableDevice function of the X.Org server. This issue may cause an application to crash, or in some cases, lead to remote code execution in SSH X11 forwarding environments...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86: stopped playing “stack games” in the profilepc function. The profilepc function is used for timer-based profiling, which isn’t really that relevant anymore. It also makes assumptions about the stack layout that may not be...
Astra Linux – Vulnerability in ntfs-3g
In NTFS-3G versions before version 2021.8.22, when a specially crafted Unicode string is provided in an NTFS image, a heap buffer overflow may occur, allowing code execution...
Astra Linux – Vulnerability in Git
Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...
Astra Linux – Vulnerability in Zabbix
An attacker who has the privilege to configure Zabbix items can use the icmpping function, along with additional malicious commands, to execute arbitrary code on the current Zabbix server...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...
Astra Linux – Vulnerability in libarchive
In libarchive before version 3.6.2, the software does not check for an error after calling the calloc function. This function may return a NULL pointer if it fails, leading to a NULL pointer being dereferenced. NOTE: The discoverer cites this CWE-476 issue, but third parties dispute its impact on...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by an improper input validation vulnerability, which may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
There are use-after-free vulnerabilities in the net/bluetooth/l2capcore.c files, specifically in the l2capconnect and l2capleconnectreq functions. These vulnerabilities may allow code execution and the leakage of kernel memory remotely via Bluetooth. A remote attacker can execute code that leaks...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read without sufficient bounds checking, assuming that the USB device provides valid values. If exploited properly, an attacker could cause memory corruption, leading to arbitrary code...
Astra Linux – Vulnerability in sysstat
Sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and later, but before version 12.7.1, the allocatestructures function contained a sizet overflow in the sacommon.c file. The allocatestructures function insufficiently checked the...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. The supported versions affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This easily exploitable vulnerability allows a low-privilege...