192057 matches found
Astra Linux - vulnerability in chromium
Use after free in Downloads in Google Chrome before version 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the Sign-In process in Google Chrome prior to version 1.3.36.351 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the UI of Google Chrome prior to version 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in open-vm-tools
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass the intended access restrictions on mounting shares through a symlink attack that exploits a realpath race condition in mount.vmhgfs (also known as hgfsmounter)...
Astra Linux - vulnerability in ruby2.5
A vulnerability was discovered in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...
Astra Linux - vulnerability in wpa
In Hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker who has successfully bootstrapped public keys with another entity using PKEX in the past will be able to subvert future bootstrapping attempts by passively observing the public keys. By...
Astra Linux - vulnerability in chromium
Use after free in Mojo in Google Chrome before version 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). The supported versions affected by this vulnerability are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This vulnerability is difficult to exploit; an...
Astra Linux - vulnerability in curl
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. As a result, it does not detect impostor attacks or man-in-the-middle attacks...
Astra Linux - vulnerability in chromium
Inappropriate implementation in the installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control through a crafted command. Chromium security severity: Low...
Astra Linux - vulnerability in openjdk-11
Vulnerability in the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition products of Oracle Java SE (component: Libraries). The supported versions affected by this vulnerability include Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...
Astra Linux - vulnerability in nss
During ECDSA signature generation, the padding applied to the nonce, which was designed to ensure constant-time scalar multiplication, was removed. This results in variable-time execution that depends on secret data. This vulnerability affects Firefox versions before 80, as well as Firefox for Android...
Astra Linux - vulnerability in php8.1, php7.3
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
Astra Linux - vulnerability in chromium
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Astra Linux - vulnerability in chromium
Use after free in MediaStream in Google Chrome before version 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
In V8 of Google Chrome, before version 116.0.5845.110, unauthorized memory access allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Use after free in WebRTC in Google Chrome before version 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in openssl
There exists a timing-based side channel in the OpenSSL RSA Decryption implementation. This vulnerability could be sufficient for an attacker to recover plaintext across a network in a Bleichenbacher-style attack. To successfully decrypt data, an attacker would need to be able to send a very larg...
Astra Linux - vulnerability in unbound
A vulnerability in caching resolvers called “Rebirthday Attack” has been discovered in resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., with the option --enable-subnet, and when configured to send ECS information along with queries to...
Astra Linux - vulnerability in udisks2
A vulnerability has been discovered in udisks2. This flaw allows an attacker to submit a specially crafted image file/USB, resulting in kernel panic. The greatest threat posed by this vulnerability is to system availability...