106609 matches found
Astra Linux - vulnerability in hsqldb1.8.0, hsqldb
A flaw was discovered in the LibreOffice package. An attacker can create an odb file that contains a “database/script” file with a SCRIPT command. The contents of this file can then be written into a new file, whose location is determined by the attacker...
Astra Linux - vulnerability in chromium
Insufficient policy enforcement in the WebView tag in Google Chrome prior to version 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: initramfs: Avoid filename buffer overflow The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as follows: 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 + data ... 55...
Astra Linux - vulnerability in apache2
A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attackers to execute scripts in directories permitted by the configuration, but these directories are not directly accessible via URLs. Additionally, the source of these scripts may not be disclosed, as th...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into the WebUI through a crafted HTML page...
Astra Linux - vulnerability in firefox
An attacker with temporary script access to a website could have set a cookie containing invalid characters using document.cookie, which could lead to unknown errors. This vulnerability affects Firefox versions earlier than 119...
Astra Linux - vulnerability in chromium
Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux - vulnerability in golang-1.19
The html/template package does not properly handle HTML-like “” comment tokens, nor hashbang “!” comment tokens, in contexts. This may cause the template parser to incorrectly interpret the contents of contexts, resulting in actions being incorrectly escaped. This could be exploited to carry out ...
Astra Linux - vulnerability in apache2
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody(0) may cause a denial of service due to the lack of a default limit on the possible input size...
Astra Linux - vulnerability in chromium
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...
Astra Linux - vulnerability in firefox
Service workers may reveal the script-based base URL due to dynamic import. This vulnerability affects Firefox versions earlier than 113...
Astra Linux - vulnerability in chromium
In DevTools in Google Chrome before version 126.0.6478.182, it was possible for an attacker to convince a user to install a malicious extension, allowing them to inject scripts or HTML into a privileged page through a crafted Chrome Extension. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Incorrect security UI in web app installs in Google Chrome on Android before version 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page through a crafted HTML page...
Astra Linux - vulnerability in firefox, thunderbird
A crafted URL containing Arabic script and whitespace characters could potentially hide the true origin of the page, leading to a potential spoofing attack. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...
Astra Linux - vulnerability in libreoffice
Unchecked script execution in the “Graphic on-click binding” mechanism in affected LibreOffice versions allows an attacker to create a document that will execute scripts built into LibreOffice upon clicking a graphic, without any prompts. These scripts were previously considered trusted, but now...
Astra Linux - vulnerability in python3.11, python3.7
A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...
Astra Linux - vulnerability in firefox
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy might have been able to inject executable scripts. This would be severely restricted by the specified Content Security Policy o...
Astra Linux - vulnerability in firefox, thunderbird
Module load requests that failed were not checked to determine whether they had been cancelled, resulting in a use-after-free in ScriptLoadContext. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux - vulnerability in zabbix
An authenticated user can create a link containing reflected JavaScript code for the graphs page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
Astra Linux - vulnerability in firefox
The SVG element could have been used to load unexpected content that might execute scripts under certain circumstances. Although the specification appears to allow this, other browsers do not do so. Web developers relied on this property for script security, so Gecko’s implementation was aligned...