Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in the File System API of Google Chrome on Windows prior to version 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

Astra Linux – Vulnerability in Firefox

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, it was rendered using page fonts. Side-channel attacks on the text using specially crafted fonts could have led to this text being interpreted by the webpage. This vulnerability affects Firefox versions earlier...

Astra Linux – Vulnerability in libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

Astra Linux – Vulnerability in binutils

A security flaw has been discovered in GNU Binutils 2.45. The affected function is the tgtagtype function in the prdbg.c file. Performing certain manipulations results in an unchecked return value from this function. This vulnerability can be exploited locally. The exploit has been released to th...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

Astra Linux – Vulnerability in Chromium

Before version 95.0.4638.69, using garbage collection in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Astra Linux – Vulnerability in WebKit2GTK

A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3, and iPadOS 18.7.3; iOS 26.2 and iPadOS 26.2; macOS Tahoe 26.2; tvOS 26.2; visionOS 26.2; and watchOS 26.2. Processing maliciously crafted web content may lead to arbitra...

Astra Linux – Vulnerability in libmojolicious-perl

The Mojolicious module prior to version 8.65 for Perl is vulnerable to securecompare timing attacks, which allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0....

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

A heap buffer overflow in ANGLE in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling o...

Astra Linux – Vulnerability in Chromium

A stack buffer overflow in Printing in Google Chrome prior to version 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Before version 130.0.6723.92, Dawn in Google Chrome allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Critical...

Astra Linux – Vulnerability in oddjob

A race condition was identified in the mkhomedir tool included with the oddjob package in versions prior to 0.34.5 and 0.34.6. During the home creation process, mkhomedir copies the /etc/skel directory into the newly created home directory and changes its ownership to the home’s user, without...

Astra Linux – Vulnerability in Zeromq3

A uncontrolled resource consumption memory leak flaw was discovered in ZeroMQ’s src/xpub.cpp in versions prior to 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if CURVE/ZAP authentication is disabled on the server, resulting i...

Astra Linux – Vulnerability in Ruby2.5, JRuby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. The Net::IMAP library does not raise an exception when the StartTLS command fails with an unknown response. This may allow man-in-the-middle attackers to bypass TLS protections by leveraging the network...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...