Astra Linux - vulnerability in chromium
Type Confusion in V8 in Google Chrome before version 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out-of-bounds memory access via a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in firefox, thunderbird
The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, leading to a nullptr dereference. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140....
Astra Linux - vulnerability in thunderbird
If a Thunderbird user responded to a crafted HTML email containing a meta tag, where the meta tag had the http-equiv="refresh" attribute, and the content attribute specified a URL, then Thunderbird would initiate a network request to that URL, regardless of any configuration settings that block...
Astra Linux - vulnerability in chromium
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in pypy, jython
The documentation XML-RPC server in Python, from versions 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4, has XSS vulnerabilities due to the servertitle field. This issue occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If the setservertitle function ...
Astra Linux - vulnerability in firefox
By using XSL Transforms, a malicious webserver could serve a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox versions earlier than 97...
Astra Linux - vulnerability in zabbix
The implementation of atob in "Zabbix JS" allows for creating a string with arbitrary content and using it to access internal properties of objects...
Astra Linux - vulnerability in chromium
Use after free in V8 in Google Chrome before version 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in chromium
Out-of-bounds memory access in V8 in Google Chrome before version 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. Version 34.11.0 and earlier of matrix-js-sdk was vulnerable to client-side path traversal attacks through crafted MXC URIs. A malicious room member could trigger clients using matrix-js-sdk to send...
Astra Linux - vulnerability in libfastjson
JSON-C version 0.14 has an integer overflow issue, and there is a risk of out-of-bounds write operations through a large JSON file, as demonstrated by the printbufmemappend function...
Astra Linux - vulnerability in zabbix
Duktape is a third-party embeddable JavaScript engine, focusing on portability and minimal footprint. When adding too many values in the valstack, JavaScript can crash. This issue arises due to a bug in Duktape 2.6, which is a third-party solution that we use...
Astra Linux - vulnerability in firefox
An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by exploiting a bug related to range-based bounds checks. This vulnerability affects Firefox versions prior to 124.0.1...
Astra Linux - vulnerability in golang-1.19
Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...
Astra Linux - vulnerability in webkit2gtk
A validation issue has been addressed through improved input sanitization. This issue is fixed in iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, and macOS Monterey 12.2. Processing a maliciously crafted email message may result in the execution of arbitrary JavaScript code...
Astra Linux - vulnerability in chromium
Before version 93.0.4577.82, using V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in chromium
Use after free in V8 in Google Chrome before version 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in thunderbird
The Thunderbird Address Book’s URI fields contained unsanitized links. Attackers could use these links to create and export an address book containing malicious payloads in certain fields. For example, in the “Other” field of the Instant Messaging section. If another user imported the address boo...
Astra Linux - vulnerability in firefox
A process isolation vulnerability in Thunderbird stems from improper handling of JavaScript URIs. This issue could allow content to execute in the process of the top-level document, rather than in the intended frame, potentially enabling a sandbox escape. This vulnerability has been fixed in...