56378 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed UAF in async decryption. Performing an async decryption (large read) results in a crash due to a slab-use-after-free issue in the crypto API. Reproducing this issue is as follows: mount.cifs -o ...,seal,esize=1...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: PSR-SU should also be disabled for Parade 08-01 TCON. Stuart Hayhurst has found that both during bootup and when the fullscreen VA-API video mode is used, black screens occur for about 1 second, along with a kern...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit allocation of the cpumask variable on the stack. For the CONFIG_CPUMASK_OFFSTACK=y kernel configuration, explicit allocation of the cpumask variable on the stack is not recommended, as it may cause a...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): Make sure that the caller has CAP_SYS_ADMIN in the correct user namespaces. What we want to ensure is that clone will not expose something hidden by a mount that we wouldn’t be able to undo. “wouldn’t be able to...
Astra Linux - vulnerability in chromium
Use after free in the Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption through a crafted Chrome Extension...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Networks: The tun device may destroy the NAPIs associated with it during destruction. Syzbot identified a race condition between the tun file and the destruction of the device. NAPIs are stored in the struct tun_file structure, and...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap API: Fixed a possible memory leak for vcap_dup_rule(). A fault occurs when CONFIG_VCAP_KUNIT_TEST is selected. A memory leak occurs if kzalloc for duprule succeeds, but kmemdup fails. As a result, duprule, ckf, and c...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data through a crafted Chrome Extension. Chromium security severity: Low...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Insufficient policy enforcement in the Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in chromium
Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Use after free in the File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in chromium
Insufficient policy enforcement in the File System API of Google Chrome on Windows prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux - vulnerability in zabbix
A non-administrator user account on the Zabbix frontend, with the default User role, or any other role that grants API access, can exploit this vulnerability. There is an SQL injection vulnerability in the CUser class within the addRelatedObjects function. This function is called from the CUser.g...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Astra Linux - vulnerability in libhibernate3-java
A flaw was discovered in Hibernate-core in versions prior to and including 5.4.23.Final. An SQL injection occurs in the implementation of the JPA Criteria API; this allows unsanitized literals to be used in SQL comments within queries. This flaw could enable attackers to access unauthorized...
Astra Linux - vulnerability in chromium
A heap buffer overflow in the Media streams API in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in firefox
The fetch API and navigation incorrectly shared the same cache. The cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these additiona...