Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel up to version 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

Astra Linux - уязвимость в chromium

Insufficient data validation in the File System API of Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions through a crafted HTML page and malicious file. Chromium security severity: Low...

Astra Linux - уязвимость в chromium

Insufficient data validation in the V8 API of Google Chrome prior to version 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption through a crafted Chrome Extension. Chromium security severity: Medium...

Astra Linux - уязвимость в docker.io-app

BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netrom: Decreases the sock refcount when the sock timer expires. The commit 63346650c1a9 “netrom: switch to the sock timer API” switched to using the sock timer API. It replaces modtimer with skresettimer, and deltimer with...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy. The syzbot report indicated a crash in tcactinHW during the netns teardown process. In this scenario, tcfidrinfodestroy passed a value of ERRPTR-EBUSY as a point...

Astra Linux - уязвимость в chromium

In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...

Astra Linux - уязвимость в zabbix

A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The userfaultfdapi function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we fail silently and return all available features. However, the manual...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A use-after-free vulnerability was discovered in the Linux kernel’s netfilter subsystem, specifically in the net/netfilter/nftablesapi.c file. Improper error handling related to NFTMSGNEWRULE allows a dangling pointer to be used in the same transaction, leading to a use-after-free vulnerability...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into the WebUI through a crafted HTML page...

Astra Linux - уязвимость в chromium

A heap buffer overflow in the Web Audio API in Google Chrome prior to version 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в thunderbird, firefox

An attacker could have exploited a use-after-free issue through the Custom Highlight API, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

Astra Linux - уязвимость в chromium

Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

Astra Linux - уязвимость в openssl

Issue Summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes may leave the final partial block unencrypted and unauthenticated. Impact Summary: The last 1–15 bytes of a message may be exposed in...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...