1086992 matches found
Astra Linux – Vulnerability in Qemu
A out-of-bounds write vulnerability was discovered in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. This flaw occurs during the processing of the ‘VIRTIOGPUCMDGETCAPSET’ command from the guest. It could allow a privileged guest user to crash the QEMU...
Astra Linux – Vulnerability in xorg-server
A flaw related to out-of-bounds memory access was discovered in the X.Org server. This issue can occur when a device that has been frozen by a sync operation is reattached to a different master device. This issue may result in an application crashing, local privilege escalation if the server runs...
Astra Linux – Vulnerability in WebKit2GTK
The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Firefox
Mozilla developers reported memory safety bugs in Firefox 91. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 92...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17, and iPadOS 17, as well as macOS Sonoma 14. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in PHP 8.1
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving the set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If a third party can control the memory layout, for example by providing specially crafted inputs to the script, it could...
Astra Linux – Vulnerability in Composer
Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...
Astra Linux – Vulnerability in Jinja2
Jinja is an extensible templating engine. Prior to version 3.1.6, there was a flaw in how the Jinja sandbox environment interacted with the |attr filter, allowing an attacker who controls the content of a template to execute arbitrary Python code. To exploit this vulnerability, an attacker needed...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15, and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Velocity
An attacker who is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify Velocity templates running Apache...
Astra Linux – Vulnerability in CGal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h, specifically in the function SNCioParser::readsloop and slh-twin. An attacker can provide malicious input to trigger this...
Astra Linux – Vulnerability in exempi
The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...
Astra Linux – Vulnerability in ffmpeg5
The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through libavutil/imgutils.c:353:9 in the imagecopyplane function...
Astra Linux – Vulnerability in Firefox, Thunderbird
Mozilla developers reported memory safety bugs in the code shared between Firefox and Thunderbird. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects...
Astra Linux – Vulnerability in jupyter-core
Jupyter Core is a package for the core common functionalities of Jupyter projects. Prior to version 4.11.2, Jupyter Core contained an arbitrary code execution vulnerability in “jupytercore,” which stemmed from “jupytercore” executing untrusted files in the CWD environment. This vulnerability...
Astra Linux – Vulnerability in xorg-server
A heap buffer overflow flaw was discovered in the DisableDevice function of the X.Org server. This issue may cause an application to crash, or in some cases, lead to remote code execution in SSH X11 forwarding environments...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86: stopped playing “stack games” in the profilepc function. The profilepc function is used for timer-based profiling, which isn’t really that relevant anymore. It also makes assumptions about the stack layout that may not be...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc before version 1.9.12. A heap buffer overflow in the pspdfprepareoutpages function, located in the ps-pdf.cxx file, may allow for the execution of arbitrary code and cause a denial of service attack...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...