[20260520] - Framework - Inadequate content filtering within the cleanAttributes filter code

Lack of input filtering leads to an XSS vector in the HTML filter code...

RHCOS 3 : OpenShift Container Platform 3.9 haproxy (RHSA-2019:0547)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0547 advisory. - haproxy: Out-of-bounds read in dns.c:dnsvalidatednsresponse allows for memory disclosure CVE-2018-20102 - haproxy: Mishandling of...

Astra Linux – Vulnerability in Apache2

Servicing WebSocket protocol upgrades over an HTTP/2 connection may lead to a Null Pointer dereference, causing the server process to crash and degrading performance...

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26, and 8.0.x below 8.0.13, certain XML parsing functions, such as simplexmlloadfile, decode the filename passed to them using URL encoding. If the filename contains a URL-encoded NUL character, this may cause the function to interpret this as t...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Integer overflow in Mojo in Google Chrome prior to version 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

Astra Linux – Vulnerability in Netty

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. In Netty io.netty:netty-codec-http2, before version 4.1.60.Final, there was a vulnerability that allowed for request smuggling. If...

Astra Linux – Vulnerability in WebKit2GTK

A vulnerable "use-after-free" vulnerability exists in the WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can exploit this vulnerability, leading to remote code execution. The victim must visit a malicious website to trigger the vulnerability...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.114, using "After Free" in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page and user gestures...

Astra Linux – Vulnerability in Chromium

Before version 94.0.4606.61, using "use after free" in Portals within Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

Astra Linux – Vulnerability in w3m

There is a out-of-bounds write in the checkType field located in etc.c in w3m 0.5.3. This issue can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause a Denial of Service attack, or potentially have unspecified other impacts...

Astra Linux – Vulnerability in libonig

Oniguruma, as used in PHP 7.3.x and other products, has a heap-based buffer over-read issue in the strlowercasematch function in regexec.c...

Astra Linux - уязвимость в chromium

Using “after free” in the Network component of Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of “after free” in Navigation in Google Chrome before version 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in Media Feeds in Google Chrome prior to version 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Twisted

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web would process the requests asynchronously, without guaranteeing the order of responses. If either of the endpoints was controlled by an...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...

Astra Linux - Vulnerability in Golang-1.19

The html/template package does not follow the correct rules for handling occurrences of "", "" within JS literals in contexts. This may cause the template parser to incorrectly consider script contexts as being terminated early, resulting in actions being properly escaped incorrectly. This could ...