1087047 matches found
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. The supported versions affected by this vulnerability are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. The vulnerability is difficult t...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been addressed through improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4, and iPadOS 14.4. A remote attacker may be able to execute arbitrary code. Apple is aware of a report indicating...
Astra Linux – Vulnerability in Zabbix
The Zabbix Agent 2 smartctl plugin does not properly sanitize the parameters of the smart.disk.get command, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0, this allows for remote code execution...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fixed the error code in iwlopmodedvmstart The error code should be preserved if iwlsetupdeferredwork fails. The current code returns ERRPTR0 which is NULL at this point. I believe that the missing error code could...
Astra Linux – Vulnerability in OpenSSH
Using SSH in OpenSSH before version 10.1 allows for the use of the '\0' character in an SSH URI. This could potentially lead to code execution when a ProxyCommand is used...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: parisc: Revised getuser to probe user read access. Due to the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so getuser...
Astra Linux – Vulnerability in OpenSSH
In OpenSSH versions prior to 10.1, control characters in user names that originated from certain potentially untrusted sources could lead to code execution when ProxyCommand was used. The potentially untrusted sources include the command line and the %-sequence expansion from a configuration file...
Astra Linux – Vulnerability in Firefox, Thunderbird
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 103 and Firefox ESR 102.1. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in LibreOffice
Improper validation of the array index vulnerability in The Document Foundation LibreOffice’s spreadsheet component allows an attacker to create a spreadsheet document that causes an array index underflow upon loading. In the affected versions of LibreOffice, certain malformed spreadsheet formula...
Astra Linux – Vulnerability in Firefox
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities in Firefox 101. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these vulnerabilities could have been exploited to execute arbitrary...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been resolved through improved state management. This issue is fixed in tvOS 15.5, iOS 15.5, iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, and Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5, iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, and iTunes 12.12.4 for Windows. Processing maliciously crafted...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Fixed a problem where the touchscreen function was not working properly on the Chuwi Hi8 when using the Windows BIOS. The handling of touchscreen operations for the Chuwi Hi8 is only necessary...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. A authenticated user can use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. This issue exists in all versions of Redis that support L...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Fix the UaF issue in listener shutdown According to Christoph’s report after refactoring the passive socket initialization, the mptcp listener shutdown path is vulnerable to a UaF issue. BUG: KASAN: Use-after-free in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init are a bad combination because the .init.text section is freed after initialization. As a result, modules cannot use symbols annotated with init. Accessing...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context Laurent reported the enclosed report 1 This bug triggers under the following conditions: 0 The kernel is built with CONFIGDEBUGPREEMPT=y 1 A new passive FastOpen TCP socket is...
Astra Linux – Vulnerability in Firefox, Thunderbird
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 99 and Firefox ESR 91.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 109 and Firefox ESR 102.7. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions less than 110 and...