Astra Linux - уязвимость в firefox

TypedArrays can be flawed, and they lack proper exception handling. This could lead to abuse in other APIs that expect TypedArrays to always succeed. This vulnerability affects Firefox versions less than 121...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A use-after-free vulnerability was discovered in the Linux kernel’s netfilter subsystem, specifically in the net/netfilter/nftablesapi.c file. Improper error handling related to NFTMSGNEWRULE allows a dangling pointer to be used in the same transaction, leading to a use-after-free vulnerability...

Astra Linux - уязвимость в thunderbird

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...

Astra Linux - уязвимость в chromium

Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

The use of the after-free operation in the Webstore API in Google Chrome before version 98.0.4758.102 allowed attackers to exploit heap corruption by using a crafted HTML page. This was possible if an attacker convinced a user to install a malicious extension and compelled the user to perform...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The userfaultfdapi function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we fail silently and return all available features. However, the manual...

Astra Linux - уязвимость в zabbix

A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into the WebUI through a crafted HTML page...

Astra Linux - уязвимость в docker.io-app

BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to...

Astra Linux - уязвимость в chromium

Before version 101.0.4951.41, using the "after free" mechanism in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в thunderbird, firefox

An attacker could have exploited a use-after-free issue through the Custom Highlight API, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

Astra Linux - уязвимость в openexr

There is a flaw in the Scanline API functionality of OpenEXR in versions prior to 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could cause excessive memory consumption, thereby affecting system availability...

Astra Linux - уязвимость в chromium

A heap buffer overflow in the Web Audio API in Google Chrome prior to version 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в openssl

Issue Summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes may leave the final partial block unencrypted and unauthenticated. Impact Summary: The last 1–15 bytes of a message may be exposed in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open The CI detected a UaF in fbnic within the AFXDP section of the queues.py test. The UaF occurs in the skmarknapiidonce function call in xskbind. The NAPI has been freed. It see...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ath11k: fixed the kernel panic that occurred during the unloading/loading of ath11k modules. Fixed the call to netifnapidel from ath11kahbfreeextirq, to prevent the following kernel panic when unloading/loading ath11k modules...

Astra Linux - уязвимость в chromium

Chromium: CVE-2021-30610 Use after free in Extensions API...

Astra Linux - уязвимость в docker.io-app

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The likelihood of this being exploited...