145600 matches found
Astra Linux - уязвимость в golang-1.15
Versions of Go before 1.14.14 and 1.15.x before 1.15.7 on Windows are vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that utilize cgo for example, cgo can execute a GCC program from an untrusted source...
Astra Linux - уязвимость в golang-1.19
The command go env command is documented as outputting a shell script containing the Go environment. However, go env does not sanitize the values it outputs. Therefore, executing its output as a shell script can lead to various malicious behaviors, including executing arbitrary commands or...
Astra Linux - уязвимость в emacs
GNU Emacs version 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file. This is because lib-src/etags.c uses the system’s C library function in its implementation of the ctags program. For example, a victim might use the “ctags ” command as suggeste...
Astra Linux - уязвимость в vim
A heap-based buffer overflow exists in Vim/vim 9.0.0946 and earlier, as it allows an attacker to use CTRL-W gf in the expression used in the right-hand side of the substitute command...
Astra Linux - уязвимость в parsec
The vulnerability of the parsecmdlin function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в nodejs
A vulnerability related to OS command injection exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1. This vulnerability arises due to an insufficient check in the IsAllowedHost function, which can be easily bypassed. Additionally, the IsIPAddress function does not properly check whether ...
Astra Linux - уязвимость в exim4
Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...
Astra Linux – Vulnerability in FontForge
Splinefont in FontForge, with a version number of 20230101, allows for command injection via crafted filenames...
Astra Linux - уязвимость в ansible
A flaw was discovered in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur when facts used in the template do not include special template characters, especially if the user attempts to embed templates within multi-line YAML strings. This flaw allows...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Data related to command failures should only be collected for known commands. DEVX can issue a general command that is not used by the mlx5 driver. If such a command fails, mlx5 attempts to collect the failure data...
Astra Linux - уязвимость в firefox, thunderbird
Firefox did not properly handle downloads of files ending with .desktop, which can be interpreted to execute commands controlled by the attacker. This bug only affects Firefox for Linux on certain distributions. Other operating systems are unaffected, and Mozilla is unable to list all affected...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Storage: Fix memory leak in USB bulk transport A memory leak in the kernel was identified using the ‘ioctlsg01’ test from the Linux Test Project LTP. The following bytes were observed: 0x53425355. When USB storage devices...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to view the data of kernel pages by providing a larger insize value in struct croseccommand1 when invoking EC host commands. This issue can be fixed b...
Astra Linux - уязвимость в ofono
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: Fixed memory leaks When hcicmdsyncqueue fails in hcileterminatebig or hcilebigterminate, the memory pointed to by the variable d is not freed, which can lead to memory leaks. A release mechanism should be...
Astra Linux – Vulnerability in Firefox and Thunderbird
If a compromised content process sends an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out-of-bounds write would occur, leading to memory corruption and potentially exploitable crashes. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...
Astra Linux - уязвимость в libimage-exiftool-perl
In ExifTool’s lib/Image/ExifTool.pm, version 12.38 incorrectly handles the $file = /|$/ check, resulting in command injection...
Astra Linux - уязвимость в rabbitmq-server
RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing JavaScript code to execute withi...
Astra Linux - уязвимость в libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the input stream being processed. No users are affected as long as they follow...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fixed a potential memory overflow issue with staticcommandline. We allocated memory of size ‘xlen + strlenbootcommandline + 1 for staticcommandline. However, the strings copied into staticcommandline were actually fr...