590110 matches found
Astra Linux – Vulnerability in Firefox, Thunderbird
If a user were convinced to drag and drop an image onto their desktop or another folder, the resulting object could be transformed into an executable script that would execute arbitrary code upon the user clicking on it. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91....
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution...
Astra Linux – Vulnerability in GIMP
GIMP XWD File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in GIMP
GIMP DCM File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in Intel-microcode, Linux-6.1, Linux-5.15, Linux-5.10
The exposure of sensitive information in shared microarchitectural structures during transient execution on some Intel processors may allow an authenticated user to potentially disclose information through local access...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process could perform arbitrary chmod operations on the target...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer H265 Parsing: Stack-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors...
Astra Linux – Vulnerability in libstb
STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may trigger an out-of-bounds write operation in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz causes an...
Astra Linux – Vulnerability in GhostScript
A issue was discovered in psi/zfile.c in Artifex Ghostscript prior to version 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution...
Astra Linux – Vulnerability in Derby
A cleverly designed username can bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could allow an attacker to create unnecessary Derby databases, thereby filling up storage space. In LDAP-authenticated Derby installations, the attacker could also execute malware...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers and community members reported memory safety bugs in Firefox 93 and Firefox ESR 91.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed Buffer Underwrite, which could allow unauthenticated remote attackers to execute arbitrary commands. This is because smtpungetc was only intended for pushing back characters, but it can actually be used to push back non-character error codes, such as EOF...
Astra Linux – Vulnerability in Zabbix
An attacker who has the privilege to configure Zabbix items can use the icmpping function, along with additional malicious commands, to execute arbitrary code on the current Zabbix server...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...
Astra Linux – Vulnerability in libarchive
In libarchive before version 3.6.2, the software does not check for an error after calling the calloc function. This function may return a NULL pointer if it fails, leading to a NULL pointer being dereferenced. NOTE: The discoverer cites this CWE-476 issue, but third parties dispute its impact on...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. In affected versions, a integer overflow bug in Redis can be exploited to corrupt the heap and potentially lead to remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...
Astra Linux – Vulnerability in exempi
The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by an improper input validation vulnerability, which may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux – Vulnerability in pyyaml
In PyYAML before version 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1, and the 'UnsafeLoader' has been introduced to maintain backward compatibility with this function...