1087072 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
There are use-after-free vulnerabilities in the net/bluetooth/l2capcore.c files, specifically in the l2capconnect and l2capleconnectreq functions. These vulnerabilities may allow code execution and the leakage of kernel memory remotely via Bluetooth. A remote attacker can execute code that leaks...
Astra Linux – Vulnerability in CGal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h, specifically in the slh-incidentsface function of SNCioParser::readsloop. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in htmldoc
In the htmldoc v1.9.11 and earlier versions, a null pointer dereference vulnerability may allow attackers to execute arbitrary code and cause a denial of service through a crafted HTML file...
Astra Linux – Vulnerability in h2database
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes the class name of the driver and the URL of the database as parameters. An attacker may pass in a JNDI driver name and a URL that points to an LDAP or RMI server, allowing for remote code execution. This vulnerability can be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Regulator: da9121: Fixed an issue where uninit-value was used in da9121assignchipmodel. KASAN report: A out-of-bounds error occurred in regmapinit. BUG: KASAN: Out-of-bounds access in regmapinit, drivers/base/regmap/regmap.c:841....
Astra Linux – Vulnerability in gdk-pixbuf
GNOME GdkPixbuf also known as GDK-PixBuf prior to version 2.42.8 allowed a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated in the io-gif-animation.c file’s compositeframe function. This overflow was controllable and could be exploited for code executio...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors...
Astra Linux – Vulnerability in unzip
A flaw was discovered in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, resulting in an out-of-bound write operation on the heap. This flaw allows an attacker to submit a specially crafted zip file, causing a crash or code execution...
Astra Linux – Vulnerability in Thunderbird
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs in Firefox 94. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these...
Astra Linux – Vulnerability in Qemu
A reentrancy issue was discovered in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy trigger the reset function nvmectrlreset, data structures will be freed, leading to a use-after-free vulnerability. A malicious...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to cause an integer overflow, potentially leading to remote code execution. This issue exists in all versions of Redis that support...
Astra Linux – Vulnerability in emacs
In elisp-mode.el of GNU Emacs prior to version 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion, allowing attackers to execute arbitrary code. This unsafe expansion also occurs if a user...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: cavium – prevents integer overflow during firmware loading. The value of “codelength” comes from the firmware file. If your firmware is untrusted, there’s probably very little you can do to protect yourself. Nevertheless,...
Astra Linux – Vulnerability in bluez
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability, as the target must connect...
Astra Linux – Vulnerability in ofono
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1, and iPadOS 15.3.1, as well as Safari 15.3 versions 16612.4.9.1.8 and 15612.4.9.1.8. Processing maliciously...
Astra Linux – Vulnerability in gst-plugins-base1.0
GStreamer PGS File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...