590083 matches found
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurred in the gdiSurfaceToSurface path of the FreeRDP client due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 105 and Firefox ESR 102.3. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...
Astra Linux – Vulnerability in WebKit2GTK
A vulnerability related to out-of-bounds reads has been addressed through improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code executio...
Astra Linux – Vulnerability in libxstream-java
XStream is software used for serializing Java objects into XML and back again. A vulnerability exists in XStream versions prior to 1.4.17, which may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the input stream being processed. However, users who...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in Safari 16.4.1, iOS 15.7.5, and iPadOS 15.7.5; iOS 16.4.1, and iPadOS 16.4.1; as well as macOS Ventura 13.3.1. Processing maliciously crafted web...
Astra Linux – Vulnerability in LibreOffice
There was an improper certificate validation vulnerability in LibreOffice, where the determination of whether a macro was signed by a trusted author was based solely on comparing the serial number and issuer string of the used certificate with those of a trusted certificate. This is insufficient ...
Astra Linux – Vulnerability in cups-filters
“cups-filters” contains backends, filters, and other software required to make the cups printing service work on operating systems other than macOS. If you use the Backend Error Handler beh to create an accessible network printer, this security vulnerability can lead to remote code execution. The...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in WebKit2GTK
A use-after-free vulnerability exists in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before version 2.36.8. This vulnerability allows attackers to execute code remotely...
Astra Linux – Vulnerability in Firefox
When Web Render components were destroyed, a race condition could lead to undefined behavior. We assume that with sufficient effort, this vulnerability could be exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88.0.1, as well as Firefox for Android...
Astra Linux – Vulnerability in CGal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h: SNCioparser::readsface and storesmboundaryitem. A specially crafted malformed file can lead to an out-of-bounds read and typ...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in node-babel
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4, as well as all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, especially when...
Astra Linux – Vulnerability in WebKit2GTK
Integer overflow has been addressed through improved input validation. This issue is fixed in iOS 14.5.1, iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, and macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in WebKit2GTK
A use-after-free vulnerability exists in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before version 2.36.8, allowing attackers to execute code remotely...
Astra Linux – Vulnerability in Firefox
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 106. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execut...
Astra Linux – Vulnerability in libimage-exiftool-perl
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and above allows arbitrary code execution when parsing the malicious image...
Astra Linux – Vulnerability in gst-plugins-ugly1.0
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may...