Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in the File System API of Google Chrome on Windows prior to version 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

Astra Linux – Vulnerability in libgcrypt20

The ElGamal implementation in Libgcrypt before version 1.9.4 allows plaintext recovery. This occurs because, during interaction between two cryptographic libraries, a dangerous combination of elements arises—specifically, the prime number defined by the receiver’s public key, the generator define...

Astra Linux – Vulnerability in Linux 5.10

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling o...

Astra Linux – Vulnerability in Linux, BlueZ

In the Bluetooth Core Specification 2.1 through 5.2, Bluetooth LE and BR/EDR secure pairing mechanisms may allow a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflecting the public key and the authentication evidence of...

Astra Linux – Vulnerability in Chromium

A stack buffer overflow in Printing in Google Chrome prior to version 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption through a crafted HTML page...

Astra Linux – Vulnerability in oddjob

A race condition was identified in the mkhomedir tool included with the oddjob package in versions prior to 0.34.5 and 0.34.6. During the home creation process, mkhomedir copies the /etc/skel directory into the newly created home directory and changes its ownership to the home’s user, without...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

Astra Linux – Vulnerability in Firefox and Thunderbird

The error page for sites with invalid TLS certificates lacked the activation-delay feature provided by Firefox to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page triggered user clicks at specific locations immediately before...

Astra Linux – Vulnerability in Chromium

Before version 95.0.4638.69, using garbage collection in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Firefox

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, it was rendered using page fonts. Side-channel attacks on the text using specially crafted fonts could have led to this text being interpreted by the webpage. This vulnerability affects Firefox versions earlier...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. The supported versions affected are 5.7.35 and earlier, as well as 8.0.26 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromise th...

Astra Linux – Vulnerability in nss

The NSS code used for checking PKCS1 v1.5 was leaking information useful for launching Bleichenbacher-style attacks. Both the overall correctness of the padding and the length of the encrypted message were exposed through timing side-channels. By sending a large number of ciphertexts selected by...

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Astra Linux – Vulnerability in libde265

A buffer overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code through the SAO Sample Adaptive Offset processing of libde265...

Astra Linux – Vulnerability in Zeromq3

A uncontrolled resource consumption memory leak flaw was discovered in ZeroMQ’s src/xpub.cpp in versions prior to 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if CURVE/ZAP authentication is disabled on the server, resulting i...

Astra Linux - уязвимость в chromium

A heap buffer overflow in ANGLE in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0....

Astra Linux – Vulnerability in libmojolicious-perl

The Mojolicious module prior to version 8.65 for Perl is vulnerable to securecompare timing attacks, which allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...