5238 matches found
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp – Fixed out-of-bounds memory read access in KUnit tests. KASAN reported an out-of-bounds access issue with csdspmockbinaddnameorinfo, because the length of the source string was rounded up to the allocation siz...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel. A use-after-free occurred in the way the console subsystem utilized ioctls KDGKBSENT and KDSKBSENT. A local user could exploit this flaw to gain access to memory beyond its intended scope. The most significant threat posed by this vulnerability is to dat...
Astra Linux – Vulnerability in Chromium
Side-channel information leakage in keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In FedCM, out-of-bounds memory access in Google Chrome prior to version 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In Google Chrome, memory access out of bounds in CSS before version 116.0.5845.110 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In V8 of Google Chrome, before version 116.0.5845.110, unauthorized memory access allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in OpenSSL
There is a type confusion vulnerability related to X.400 address processing within an X.509 GENERALNAME. X.400 addresses are parsed as ASN1STRING, but the public structure definition for GENERALNAME incorrectly specifies the type of the x400Address field as ASN1TYPE. This field is subsequently...
Astra Linux – Vulnerability in krb5
In MIT Kerberos 5 also known as krb5 before version 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
Astra Linux – Vulnerability in Chromium
In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...
Astra Linux – Vulnerability in Chromium
In Google Chrome, out-of-bounds read operations in tab groups were allowed before version 90.0.4430.212. This enabled an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory read through a crafted HTML page...
CVE-2026-44185
A flaw was found in Apache HTTP Server. This buffer over-read vulnerability occurs when the server processes outbound Online Certificate Status Protocol OCSP requests directed to an attacker-controlled OCSP server. This could allow a remote attacker to read sensitive information from memory or...
DEBIAN-CVE-2026-12450
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
CVE-2026-6040
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...
The vulnerability of the __glXDisp_ChangeDrawableAttributes() function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X.Org Server implementation of the X Window System, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the glXDispChangeDrawableAttributes function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X.Org Server implementation of the X Window System, is related to reading data beyond the permitted range of memory. Exploiting this vulnerability could...
CVE-2026-54413
driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...
EUVD-2026-36664
driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...
CVE-2026-54413
driftregion iso14229 up to 0.9.0 has an integer underflow in Handle_0x27_SecurityAccess() that enables a remote unauthenticated attacker to crash a UDS server and possibly read memory beyond the receive buffer by sending a 0x27 SecurityAccess request after a prior well-formed 0x27 message. The co...
SUSE CVE-2026-12033
Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
EUVD-2026-36346
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...