30546 matches found
Astra Linux - уязвимость в chromium
Before version 94.0.4606.54, using the "after free" mechanism in Performance Manager in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 94.0.4606.61, using "use after free" in Portals within Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: RISCV: Process: Fix kernel information leakage The s12 element of the threadstruct may contain random kernel memory contents, which could potentially be leaked to the user space. This is a security flaw. To address this issue,...
Astra Linux - уязвимость в webkit2gtk
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ICE: Fixed ‘scheduling while atomic’ in aux critical error interrupts There’s a kernel bug related to processing aux critical error interrupts in icemiscintr: 2100.917085 BUG: Scheduling while atomic: swapper/15/0/0x00010000 …...
Astra Linux - уязвимость в thunderbird
The parent process does not properly check whether the Speech Synthesis feature is enabled when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: The dealloc repeatcallcontrol function may fail if damoncall fails. damoncall for managing repeatcallcontrol of DAMONSYSFS may fail if the kdamond function is stopped before the damoncall is invoked. This can...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the object to close if ondemandid 0 in copen. If copen is called maliciously in user mode, it may delete the request corresponding to the random ID. Moreover, the request may not have been read yet. Note that when...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the session state check when reconnecting to avoid a use-after-free issue. Do not collect the exiting session in smb2reconnectserver; this session will be released soon. Note that the exiting session will remain in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed error handling in kfdprocessdeviceinitvm. It is recommended to only destroy the ibmem and let the process cleanup worker free the outstanding BOs. Reset the pointer in the pdd-qpd structure to avoid NULL...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: i2c: i801 – Fixed block process call transactions. According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and...
Astra Linux - уязвимость в squid
Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. A bug related to incorrect checking of function return values makes Squid vulnerable to Denial of Service attacks targeting its helper process management. This bug has been fixed in Squid version 6.5. Users...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed possible descptr out-of-bounds accesses. Sanitized possible descptr out-of-bounds accesses in sesenclosuredataprocess...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context. Laurent reported the enclosed report 1. This bug occurs under the following conditions: 0 The kernel is built with CONFIGDEBUGPREEMPT=y. 1 A new passive FastOpen TCP socket is...
Astra Linux - уязвимость в webkit2gtk
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux - уязвимость в webkit2gtk
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26, iOS 26, iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fixed a potential use-after-free issue in irqprocessworklist. The listforeachentry Safe function was used to allow iterating through the list and deleting entries during the iteration process. The descriptors are...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: amd/amdkfd: enhanced checking of kfd processes during switch partitions. Currently, the switch partition only checks whether kfdprocessestable is empty. The entry in kfdprocessestable is deleted in kfdprocessnotifierrelease, b...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...