57746 matches found
Astra Linux - уязвимость в chromium
The use of after-free in V8 in Google Chrome before version 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в rabbitmq-server
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI through the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
Astra Linux - уязвимость в thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...
Astra Linux - уязвимость в thunderbird, firefox
It was possible to interrupt the processing of a RegExp bailout and execute additional JavaScript code, potentially triggering garbage collection when the engine did not expect it. This vulnerability has been fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
Astra Linux - уязвимость в chromium
“Type Confusion in V8 in Google Chrome” before version 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в zabbix
A authenticated user can create a link containing reflected JavaScript code for a service page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the...
Astra Linux - уязвимость в python-pymysql
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input, because keys are not escaped by escapedict...
Astra Linux - уязвимость в firefox
Under certain circumstances, calling the bind function might result in an incorrect realm being set. This could create a vulnerability related to JavaScript-implemented sandboxes, such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Astra Linux - уязвимость в firefox
When a web page created a pop-up from a “javascript:“ URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox versions earlier than 120...
Astra Linux - уязвимость в firefox, thunderbird
Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...
Astra Linux - уязвимость в chromium
In V8, the "out of bounds" reading in Google Chrome before version 121.0.6167.139 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox
An attacker could have caused a use-after-free in the JavaScript engine, allowing them to read memory from the JavaScript string section of the heap. This vulnerability affects Firefox versions earlier than 127...
Astra Linux - уязвимость в nodejs
A OS command injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check. This vulnerability can be easily exploited, as the IsIPAddress function does not properly check whether an IP address is invalid before making DBS requests, thereby...
Astra Linux - уязвимость в chromium
In Google Chrome versions prior to 87.0.4280.88, uninitialized use of V8 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page...
Astra Linux - уязвимость в chromium
The vulnerability allows a remote attacker to execute arbitrary code within a sandbox, through a crafted HTML page, using V8 in Google Chrome before version 131.0.6778.204. Chromium security severity: High...
Astra Linux - уязвимость в chromium
In V8 of Google Chrome, out-of-bounds memory access prior to version 131.0.6778.204 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome before version 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
In V8, the "out of bounds" reading in Google Chrome before version 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption through a crafted HTML page...
Astra Linux - уязвимость в firefox
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability has been fixed in Firefox 143.0.3...