5052 matches found
UBUNTU-CVE-2026-9100
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...
Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds
A new study finds AI companies, defense firms, and dating apps are among 38 data collectors allegedly using manipulative design to confuse users while collecting their data...
Astra Linux - уязвимость в firefox
A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox 125...
Astra Linux - уязвимость в firefox, thunderbird
The garbage collector might have been aborted in several states and zones, and GCRuntime::finishCollection might not have been called, resulting in a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux - уязвимость в firefox, thunderbird
During garbage collection, additional operations were performed on an object that should not have been done. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...
Astra Linux - уязвимость в protobuf
A parsing issue similar to CVE-2022-3171 occurs when using textformat in the protobuf-java core and Lite versions before versions 3.21.7, 3.20.3, 3.19.6, and 3.16.3. This issue can lead to a denial-of-service attack. Inputs containing multiple instances of non-repeating embedded messages with...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the sanity check on summary info As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 BUG: KASAN: use-after-free in recoverdata+0x63ae/0x6ae0 f2fs Read of size 4 at addr...
Astra Linux - уязвимость в tomcat9
Improper resource shutdown or release vulnerabilities in Apache Tomcat. If an error occurs including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts stored on the disk are not deleted immediately but are left for the garbage collection process ...
Astra Linux - уязвимость в linux, linux-5.10
iouring UAF, Unix SCM garbage collection...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: Defer the garbage collection of registered files to iouring’s responsibility. Instead of having unixgc handle the registered files of iouring, we want iouring to handle them itself. The key here is to consider the...
Astra Linux - уязвимость в chromium
In Google Chrome, the use of garbage collection after version 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 95.0.4638.69, using garbage collection in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Update lastgc only when garbage collection GC has been performed. Currently, lastgc is updated every time a new connection is tracked. This means it is updated even if no garbage collection was performed...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The commit mutex should not be released during the critical section between nftgcseqbegin and nftgcseqend. Otherwise, the async GC worker could collect expired objects and obtain the released commit lock with...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The backend for setting the DEAD bit was changed to use the GC transaction API. The GC transaction API replaces the old and buggy gc API and the busy mark approach. No set elements are removed from async...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: skip end interval element from gc Lazy garbage collection for rbtree during insertions may collect end interval elements that have just been added during these transactions. These elements are skipped, as...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fixed to avoid migrating empty sections. A bug has been reported from a device with zufs: F2FS-fs dm-64: Inconsistent segment type 1, 0 in SSA and SIT. F2FS-fs dm-64: The filesystem was stopped due to reason: 4. Thread A...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: afunix: The function call kfreeskb is called for the dead unixsk-oobskb in the garbage collection process. syzbot reported a warning in unixgc, which creates a socketpair and sends the fd of one socket to itself using the peer...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A use-after-free vulnerability exists in the netfilter component of the Linux kernel’s nftables module, which can be exploited to achieve local privilege escalation. This vulnerability arises due to a race condition between the nftables netlink control plane transaction and the nftset element’s...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: The “copy-to-cache” mechanism has been fixed so that it performs collection using Ceph+FSCache. The “copy-to-cache” mechanism used by Ceph with local caching creates a new request to write data that was just read from the...