57765 matches found
Astra Linux - уязвимость в chromium
Integer overflow in V8 in Google Chrome prior to version 137.0.7151.119 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox, thunderbird
The JavaScript garbage collector might incorrectly color cross-compartment objects if OOM conditions are detected at the right time between two passes. This could lead to memory corruption. This vulnerability affects Firefox 130, Firefox ESR 128.2, Firefox ESR 115.15, Thunderbird 128.2, and...
Astra Linux - уязвимость в firefox, thunderbird
A use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
Astra Linux - уязвимость в chromium
Integer overflow in V8 in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox, thunderbird
An attacker was able to perform out-of-bounds read or write operations on a JavaScript Promise object. This vulnerability has been fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
Astra Linux - уязвимость в zabbix
A authenticated user can create a link containing reflected JavaScript code on its own pages and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...
Astra Linux - уязвимость в firefox, thunderbird
An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
Astra Linux - уязвимость в chromium
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в zabbix
A authenticated user can create a link containing reflected JavaScript code for a graph page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...
Astra Linux - уязвимость в zabbix
JavaScript preprocessing, webhooks, and global scripts can lead to uncontrolled utilization of CPU, memory, and disk I/O resources. The ability to preprocess/webhook/configure and test global scripts is only available to Administrative roles Admin and Superadmin. Administrative privileges should...
Astra Linux - уязвимость в thunderbird, firefox
Parsing a JavaScript module as JSON can, under certain circumstances, lead to cross-compartment access, which may result in a use-after-free vulnerability. This vulnerability has been fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
Astra Linux - уязвимость в chromium
Before version 137.0.7151.55, using V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox
A use-after-free could occur if a JavaScript realm was being initialized when a garbage collection started. This vulnerability affects Firefox versions earlier than 125...
Astra Linux - уязвимость в chromium
A heap buffer overflow in V8 in Google Chrome prior to version 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption through a crafted script...
Astra Linux - уязвимость в firefox, thunderbird
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в libjettison-java
A stack overflow in Jettison prior to v1.5.2 allowed attackers to cause a Denial of Service DoS attack through crafted JSON data...
Astra Linux - уязвимость в zabbix
Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...
Astra Linux - уязвимость в firefox, thunderbird
If an out-of-memory condition occurs when creating a JavaScript global, the JavaScript realm may be deleted, while references to it continue to exist within a BaseShape. This could lead to a use-after-free situation, potentially causing a exploitable crash. This vulnerability affects Firefox ESR...
Astra Linux - уязвимость в chromium
In V8 in Google Chrome, prior to version 139.0.7258.127, it was possible for a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...