firefox: thunderbird: Incorrect boundary conditions in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

firefox: thunderbird: Use-after-free in the Widget: Cocoa component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Widget: Cocoa component...

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

firefox: thunderbird: Other issue in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the Libraries component in NSS...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...

Astra Linux - уязвимость в dcmtk

A vulnerability was identified in DCMTK up to version 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to exploit this attack. The name of the patch is...

Astra Linux - уязвимость в openjdk-11

Vulnerability in Oracle Java SE component: Hotspot. The supported versions affected include Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, and 23. This vulnerability can be exploited by an unauthenticated attacker with network access via multiple protocols, allowing them to compromi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: q6apm: moving component registration to an unmanaged version The q6apm component registers dynamic data from ASoC toplology, which are allocated using device-managed API functions. Assigning both components and...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...

Astra Linux - уязвимость в gpac

A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The issue of the refcount leak in the PCI device during amdgpuatrmgetbios has been fixed. According to the comments on pcigetclass, it returns a pcidevice with its refcount being incremented. Additionally, the refcoun...

Astra Linux - уязвимость в linux, linux-5.10

A vulnerability, classified as critical, has been discovered in the Linux kernel. The affected component is the deltimer function in the file drivers/isdn/mISDN/l1oipcore.c of the Bluetooth module. This vulnerability allows for manipulation leading to memory deallocation after it has been freed. ...

Astra Linux - уязвимость в chromium

Before version 99.0.4844.51, using "After Free" in the Media section of Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в linux-5.10, linux

A vulnerability was discovered in the Linux kernel. It has been classified as critical. This issue affects the devlinkparamset/devlinkparamget functions in the net/core/devlink.c file of the IPsec component. The vulnerability allows for exploitation after memory allocation. It is recommended that...

Astra Linux - уязвимость в qpdf

In QPDF 8.2.1, within libqpdf/QPDFWriter.cc, the functions QPDOrWriter::unparseObject and QPDOrWriter::unparseChild contain recursive calls that last for a long time. This allows remote attackers to cause a denial of service by using a crafted PDF file...

Astra Linux - уязвимость в chromium

Using “after free” in Dawn in Google Chrome before version 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux, linux-5.10

A vulnerability has been discovered in the Linux kernel and is classified as critical. The affected part of the code is the function areacacheget in the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c, belonging to the IPsec component. This vulnerability occurs due to improper memory...

Astra Linux - уязвимость в chromium

The use of after-free in Dawn in Google Chrome before version 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...