590083 matches found
Astra Linux – Vulnerability in TIF format
A heap-based buffer overflow flaw was discovered in libtiff, particularly in the handling of TIFF images using libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed Buffer Underwrite, which could allow unauthenticated remote attackers to execute arbitrary commands. This is because smtpungetc was only intended for pushing back characters, but it can actually be used to push back non-character error codes, such as EOF...
Astra Linux - Vulnerability in Rails
A potential vulnerability that could lead to remote code execution RCE exists when using YAML-serialized columns in Active Record versions prior to 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1, which could allow an attacker capable of manipulating data in the database through means such as SQL injectio...
Astra Linux – Vulnerability in libpgjava
pgjdbc is the official PostgreSQL JDBC Driver. A security flaw was discovered in the JDBC driver for the postgresql database during security research. Systems that use the postgresql library will be vulnerable when an attacker controls the JDBC URL or connection properties. pgjdbc creates plugin...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, iOS 15.4, iPadOS 15.4, tvOS 15.4, and Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code...
Astra Linux – Vulnerability in cups-filters
“Cups-filters” contains backends, filters, and other software necessary to enable the “cups printing service” on operating systems other than macOS. In versions 2.0.1 and earlier, a heap-buffer-overflow vulnerability in the “rastertopclx” filter caused the program to crash with a segmentation fau...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 96 and Firefox ESR 91.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in ffmpeg, ffmpeg5
A buffer overflow vulnerability exists in Ffmpeg v.n6.1-3-g466799d4f5, allowing a local attacker to execute arbitrary code through the ffbwdiffilterintrac function in the libavfilter/bwdifdsp.c:125:5 component...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in Firefox, Thunderbird
When a user clicks on an FTP URL containing encoded newline characters %0A and %0D, these newline characters are interpreted as such, allowing arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in watchOS 10, iOS 17, iPadOS 17, tvOS 17, macOS Sonoma 14, and Safari 17. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in p7zip
7-Zip is a file archiver with a high compression ratio. Versions 26.00 and earlier contained a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB. This vulnerability could allow attackers to execute arbitrary code or cause...
Astra Linux – Vulnerability in Chromium
The use of after-free in V8 in Google Chrome before version 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox
Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 105. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...
Astra Linux – Vulnerability in OpenSSH
Using SSH in OpenSSH before version 10.1 allows for the use of the '\0' character in an SSH URI. This could potentially lead to code execution when a ProxyCommand is used...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Ventura 13, iOS 16.1, iPadOS 16, and Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in TIF format
An integer overflow flaw was discovered in libtiff, which resides in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and system...
Astra Linux – Vulnerability in Apache Log4j1.2
The JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service to which the attacker has access. The attacker can provide a...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5, and iPadOS 16.7.5; iOS 17.3, and iPadOS 17.3; macOS Sonoma 14.3; tvOS 17.3; and watchOS 10.3. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Xen
Potential speculative code storage bypasses exist in all supported CPU products. Combined with software vulnerabilities related to speculative execution of overwritten instructions, this could lead to incorrect speculation and potentially cause data leakage...