20384 matches found
Astra Linux - уязвимость в firefox, thunderbird, expat
A issue was discovered in libexpat before version 2.6.4. There is a crash within the XMLResumeParser function, as XMLStopParser can stop/suspend a parser that has not been started...
Astra Linux - уязвимость в wireshark
In Wireshark versions 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13, the VMS TCPIP trace file parser crashes. This issue allows for denial of service through malicious capture files...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed an infinite loop issue when len is 0 in the tcpbpfrecvmsg parser. When the buffer length of the recvmsg system call is 0, a soft lockup problem occurred. watchdog: BUG: Soft lockup – CPU3 stuck for 27...
Astra Linux - уязвимость в pkgconf
In pkgconf up to 1.9.3, variable duplication can lead to unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleParse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes...
Astra Linux - уязвимость в cgal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux - уязвимость в glib2.0
A flaw was discovered in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, resulting in a denial of service or potential code execution through a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
Astra Linux - уязвимость в golang-1.19
The html/template package does not properly handle HTML-like “” comment tokens, nor hashbang “!” comment tokens, in contexts. This may cause the template parser to incorrectly interpret the contents of contexts, resulting in actions being incorrectly escaped. This could be exploited to carry out ...
Astra Linux - уязвимость в cgal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...
Astra Linux - уязвимость в cgal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux - уязвимость в protobuf
A issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in a way that would cause them to be processed out of order. A small malicious payload can occupy the parser for several minutes by creating a large number of short-lived objects, resulting in frequent...
Astra Linux - уязвимость в bouncycastle
Bouncy Castle for Java before version 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM-encoded streams containing X.509 certificates, PKCS8-encoded keys, and PKCS7 objects. Parsing a file that...
Astra Linux - уязвимость в cgal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h: SNCioparser::readsface and storesmboundaryitem. A specially crafted malformed file can lead to an out-of-bounds read and typ...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2 in versions prior to 2.06. The option parser allows an attacker to overwrite a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The greatest threat from this vulnerability is to data confidentiality and...
Astra Linux - уязвимость в golang-1.19
Calling any of the Parse functions in Go source code that contains //line directives with very large line numbers can lead to an infinite loop due to integer overflow...
Astra Linux - уязвимость в libksba
Before version 1.6.3, Libksba was vulnerable to an integer overflow vulnerability in the CRL signature parser...
Astra Linux - уязвимость в zabbix
A specially crafted string can cause a buffer overflow in the JSON parser library, resulting in a crash of the Zabbix Server or Zabbix Proxy...
Astra Linux - уязвимость в apache2
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for this vulnerability, but it might be possible to create one. This issue affects Apache HTTP Server 2.4.51 and earlie...
Astra Linux - уязвимость в python-tornado
Tornado is a Python web framework and asynchronous networking library. When Tornado’s “multipart/form-data” parser encounters certain errors, it logs a warning but continues attempting to parse the remaining data. This allows remote attackers to generate an extremely large volume of logs,...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS protections through a crafted HTML page. Chrome security severity: Medium...
Astra Linux - уязвимость в cgal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h, specifically in the function SNCioParser::readsloop and slh-twin. An attacker can provide malicious input to trigger this...