1087074 matches found
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected MariaDB installations. Exploiting this vulnerability requires interaction with the mariadb-dump utility, but the attack vectors ma...
Astra Linux – Vulnerability in assimp
A vulnerability exists in assimp v.5.4.3, allowing a local attacker to execute arbitrary code through the CallbackToLogRedirector function within the Assimp library...
Astra Linux – Vulnerability in edk2
EDK2 contains a vulnerability in the BIOS, where an attacker can cause a “Protection Mechanism Failure” through local access. Successful exploitation of this vulnerability will lead to the execution of arbitrary code, compromising Confidentiality, Integrity, and Availability...
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, resulting in a denial of service or potential code execution through a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 113. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 114...
Astra Linux – Vulnerability in Zabbix
The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...
Astra Linux – Vulnerability in Qemu
A bug in QEMU could cause a guest I/O operation that is normally directed to an arbitrary disk offset to be directed instead to offset 0. This could potentially overwrite the VM’s boot code. For example, this could be exploited by L2 guests who have a virtual disk vdiskL2 stored on the virtual di...
Astra Linux – Vulnerability in Git
Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...
Astra Linux – Vulnerability in pyyaml
In PyYAML before version 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1, and the 'UnsafeLoader' has been introduced to maintain backward compatibility with this function...
Astra Linux – Vulnerability in sysstat
Sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and later, but before version 12.7.1, the allocatestructures function contained a sizet overflow in the sacommon.c file. The allocatestructures function insufficiently checked the...
Astra Linux – Vulnerability in glibc
The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...
Astra Linux – Vulnerability in pyyaml
A vulnerability was discovered in the PyYAML library in versions prior to 5.3.1. In these versions, the library is susceptible to arbitrary code execution when it processes untrusted YAML files using the fullload method or the FullLoader loader. Applications that use this library to process...
Astra Linux – Vulnerability in libjackson-json-java
A deserialization flaw was discovered in the Jackson-Databind library, in versions prior to 2.6.7.1, 2.7.9.1, and 2.8.9. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper...
Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...
ZeroShell <= 1.0beta11 Remote Code Execution
ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. id: CVE-2009-0545 info: name: ZeroShell = 1.0beta11 Remote Code Execution author: geeknik severity: critica...
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. dot dot in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP...
Zoho ManageEngine - Remote Code Execution
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
ECHO-321F-39D2-90A5
Bulletin has no description...
ECHO-E31B-3EF0-93B2
Bulletin has no description...
MINI-JJ9H-HXG7-7494
Bulletin has no description...