56729 matches found
Astra Linux - уязвимость в linux-5.15
A memory leak flaw was discovered in nftsetcatchallflush in net/netfilter/nftablesapi.c within the Linux Kernel. This issue may allow a local attacker to cause double-deactivation of catchall elements, which can lead to a memory leak...
Astra Linux - уязвимость в firefox, thunderbird
When using X11, text selected by the page using the Selection API is erroneously copied into the primary selection, a temporary storage similar to the clipboard. This bug only affects Firefox on X11. Other systems are unaffected. This vulnerability affects Firefox versions earlier than 120, Firef...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel up to version 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...
Astra Linux - уязвимость в chromium
In the V8 API of Google Chrome, before version 124.0.6367.78, reading out of bounds allowed a remote attacker to leak cross-site data through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Before version 103.0.5060.134, using the "after free" method in the Service Worker API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Using the “after free” mechanism in the Presentation API in Google Chrome before version 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в openjdk-11
A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1...
Astra Linux - уязвимость в thunderbird, firefox
The WebChannel API, which is used to transfer various types of information between processes, did not check the identity of the sender. Instead, it accepted the identity of the sender without verification. This could lead to privilege escalation attacks. This vulnerability has been fixed in Firef...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy. The syzbot report indicated a crash in tcactinHW during the netns teardown process. In this scenario, tcfidrinfodestroy passed a value of ERRPTR-EBUSY as a point...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netrom: Decreases the sock refcount when the sock timer expires. The commit 63346650c1a9 “netrom: switch to the sock timer API” switched to using the sock timer API. It replaces modtimer with skresettimer, and deltimer with...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: X.509: Fixed an out-of-bounds access issue when parsing extensions. Leo reports an out-of-bounds access issue when parsing a certificate with empty Basic Constraints or Key Usage extensions. This occurs because the first byte of...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: hfs: Ensure that sb-sfsinfo is always cleaned up. When hfs was converted to the new mount API, a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocat...
Astra Linux - уязвимость в firefox
TypedArrays can be flawed, and they lack proper exception handling. This could lead to abuse in other APIs that expect TypedArrays to always succeed. This vulnerability affects Firefox versions less than 121...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A use-after-free vulnerability was discovered in the Linux kernel’s netfilter subsystem, specifically in the net/netfilter/nftablesapi.c file. Improper error handling related to NFTMSGNEWRULE allows a dangling pointer to be used in the same transaction, leading to a use-after-free vulnerability...
Astra Linux - уязвимость в thunderbird
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...
Astra Linux - уязвимость в chromium
Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
The use of the after-free operation in the Webstore API in Google Chrome before version 98.0.4758.102 allowed attackers to exploit heap corruption by using a crafted HTML page. This was possible if an attacker convinced a user to install a malicious extension and compelled the user to perform...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: The userfaultfdapi function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we fail silently and return all available features. However, the manual...