Astra Linux - уязвимость в chromium

The use of after-free in Cast in Google Chrome before version 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Low...

Astra Linux - уязвимость в chromium

The use of Site Isolation in Google Chrome before version 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Critical...

Astra Linux - уязвимость в chromium, firefox, thunderbird, libvpx

A heap buffer overflow occurred in the vp8 encoding process in libvpx within Google Chrome before version 117.0.5938.132. In version 1.13.1 of libvpx, a remote attacker could potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

A heap buffer overflow in Skia in Google Chrome prior to version 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

A heap buffer overflow in ANGLE in Google Chrome prior to version 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Before version 115.0.5790.170, read and write access in WebGL in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в vim

A vulnerability was discovered in Vim and is classified as problematic. The issue affects the qfupdatebuffer function in the quickfix.c file of the autocmd Handler component. This manipulation leads to memory corruption after the function is called. The attack can be launched remotely. Upgrading ...

Astra Linux - уязвимость в chromium

Using “after free” in DevTools in Google Chrome before version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to enable certain prerequisites. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Astra Linux - уязвимость в chromium

Memory access out of bounds in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

ROS-20260520-73-0055

A vulnerability in the Navigation function of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

📄 ZTE Unauthenticated Denial of Service

ZTE routers 17+ models suffer from an unauthenticated denial of service vulnerability via an oversized POST body. Title: ZTE Routers 17+ Models - Unauthenticated Denial of Service via Oversized POST Body Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2026-34473 Vendor: ZTE...

ROS-20260520-73-0024

A vulnerability in the Extensions component of the Google Chrome and Microsoft Edge browsers is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260520-73-0026

A vulnerability in the WebAudio component of the Google Chrome browser is related to reading outside of the allowed range in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260520-73-0027

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260520-73-0032

A vulnerability in the CSS component of the Google Chrome browser is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

CVE-2026-37979

A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect OIDC token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims intended for other...

CVE-2026-37979

Keycloak CVE-2026-37979 describes an information-disclosure via the OIDC token introspection endpoint where an attacker-controlled but credentialed confidential client can bypass audience restrictions, exposing token claims intended for other resource servers. Impact is confidentiality of lightwe...