56661 matches found
Astra Linux - уязвимость в firefox
tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel up to version 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netrom: Decreases the sock refcount when the sock timer expires. The commit 63346650c1a9 “netrom: switch to the sock timer API” switched to using the sock timer API. It replaces modtimer with skresettimer, and deltimer with...
Astra Linux - уязвимость в openexr
There is a flaw in the Scanline API functionality of OpenEXR in versions prior to 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could cause excessive memory consumption, thereby affecting system availability...
Astra Linux - уязвимость в docker.io-app
BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to...
Astra Linux - уязвимость в zabbix
A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в thunderbird, firefox
An attacker could have exploited a use-after-free issue through the Custom Highlight API, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: The userfaultfdapi function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we fail silently and return all available features. However, the manual...
Astra Linux - уязвимость в chromium
The use of the after-free operation in the Webstore API in Google Chrome before version 98.0.4758.102 allowed attackers to exploit heap corruption by using a crafted HTML page. This was possible if an attacker convinced a user to install a malicious extension and compelled the user to perform...
Astra Linux - уязвимость в chromium
In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...
Astra Linux - уязвимость в firefox
TypedArrays can be flawed, and they lack proper exception handling. This could lead to abuse in other APIs that expect TypedArrays to always succeed. This vulnerability affects Firefox versions less than 121...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A use-after-free vulnerability was discovered in the Linux kernel’s netfilter subsystem, specifically in the net/netfilter/nftablesapi.c file. Improper error handling related to NFTMSGNEWRULE allows a dangling pointer to be used in the same transaction, leading to a use-after-free vulnerability...
Astra Linux - уязвимость в thunderbird
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...
Astra Linux - уязвимость в chromium
Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
A heap buffer overflow in the Web Audio API in Google Chrome prior to version 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into the WebUI through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy. The syzbot report indicated a crash in tcactinHW during the netns teardown process. In this scenario, tcfidrinfodestroy passed a value of ERRPTR-EBUSY as a point...
Astra Linux - уязвимость в chromium
Before version 101.0.4951.41, using the "after free" mechanism in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: X.509: Fixed an out-of-bounds access issue when parsing extensions. Leo reports an out-of-bounds access issue when parsing a certificate with empty Basic Constraints or Key Usage extensions. This occurs because the first byte of...