56651 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: virtio: packed: fix unmap leak for the indirect desc table. When use_dma_api and premapped are set to true, do_unmap is false. Since do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed. The following cod...
Astra Linux - vulnerability in firefox
tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...
Astra Linux - vulnerability in firefox, thunderbird
When using X11, text selected by the page using the Selection API is erroneously copied into the primary selection, a temporary storage similar to the clipboard. This bug only affects Firefox on X11. Other systems are unaffected. This vulnerability affects Firefox versions earlier than 120, Firef...
Astra Linux - vulnerability in linux-5.15
A memory leak flaw was discovered in nft_set_catchall_flush in net/netfilter/nf_tables_api.c within the Linux Kernel. This issue may allow a local attacker to cause double-deactivation of catchall elements, which can lead to a memory leak...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - vulnerability in chromium
Insufficient data validation in the File System API of Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions through a crafted HTML page and malicious file. Chromium security severity: Low...
Astra Linux - vulnerability in chromium
Insufficient data validation in the V8 API of Google Chrome prior to version 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption through a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux - vulnerability in chromium
Use after free in the Presentation API in Google Chrome before version 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in openjdk-11
A vulnerability exists in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE (component: Hotspot). The versions affected include Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1...
Astra Linux - vulnerability in thunderbird, firefox
The WebChannel API, which is used to transfer various types of information between processes, did not check the identity of the sender. Instead, it accepted the identity of the sender without verification. This could lead to privilege escalation attacks. This vulnerability has been fixed in Firef...
Astra Linux - vulnerability in firefox
The Performance API did not properly hide whether a request to a cross-origin resource had observed redirects. This vulnerability affects Firefox versions less than 100...
Astra Linux - vulnerability in chromium
Use after free in the Service Worker API in Google Chrome before version 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in docker.io-app
BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease the sock refcount when the sock timer expires. The commit 63346650c1a9 “netrom: switch to the sock timer API” switched to using the sock timer API. It replaces mod_timer with sk_reset_timer, and del_timer with...
Astra Linux - vulnerability in openexr
There is a flaw in the Scanline API functionality of OpenEXR in versions prior to 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could cause excessive memory consumption, thereby affecting system availability...
Astra Linux - vulnerability in thunderbird, firefox
An attacker could have exploited a use-after-free issue through the Custom Highlight API, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid dereferencing ERR_PTR() in tcf_idrinfo_destroy(). The syzbot report indicated a crash in tc_act_in_hw() during the netns teardown process. In this scenario, tcf_idrinfo_destroy() passed a value of ERR_PTR(-EBUSY) as a point...
Astra Linux - vulnerability in firefox
TypedArrays can be fallible, and they lacked proper exception handling. This could lead to abuse in other APIs that expect TypedArrays to always succeed. This vulnerability affects Firefox versions less than 121...
Astra Linux - vulnerability in chromium
Out of bounds memory access in the Blink Serial API in Google Chrome before version 97.0.4692.71 allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...
Astra Linux - vulnerability in chromium
Use after free in the Webstore API in Google Chrome before version 98.0.4758.102 allowed attackers to exploit heap corruption by using a crafted HTML page. This was possible if an attacker convinced a user to install a malicious extension and compelled the user to perform...