16681 matches found
Astra Linux - уязвимость в chromium
Before version 88.0.4324.182, using the "after free" feature in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 87.0.4280.141, using free resources in safe browsing in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 100.0.4896.88, using free storage in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape through a crafted Chrome Extension...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
Incorrect verifier pruning in the BPF module of the Linux kernel version 5.4 and above leads to unsafe code paths being incorrectly marked as safe. This results in arbitrary read/writes to kernel memory, lateral privilege escalation, and container escapes...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page...
Astra Linux - уязвимость в linux
A flaw was discovered in the KVM’s AMD code, which handles SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the “virtext” field, this issue could all...
Astra Linux - уязвимость в tomcat9
There is an improper neutralization of vulnerabilities related to escape, meta, or control sequences in Apache Tomcat. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass certain rewrite rules. If these rewrite rules effectively enforced...
Astra Linux - уязвимость в firefox, thunderbird
The WebGL DrawElementsInstanced method was vulnerable to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...
Astra Linux - уязвимость в chromium
Before version 88.0.4324.96, using the "Omnibox" feature in Google Chrome on Linux allowed a remote attacker the possibility of performing a sandbox escape through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 90.0.4430.72, using "use after free" in permissions in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in DevTools in Google Chrome prior to version 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page...
Astra Linux - уязвимость в chromium
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow the extension to escape the sandbox via a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 98.0.4758.80, using "After Free" in Safe Browsing in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux - уязвимость в redis
It was discovered that Redis, a persistent key-value database, due to a packaging issue, is susceptible to a Lua sandbox escape that is specific to Debian. This could lead to remote code execution...
Astra Linux - уязвимость в chromium
Before version 102.0.5005.61, using the "after free" feature in Indexed DB in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux - уязвимость в chromium
Insufficient data validation in Mojo in Google Chrome prior to version 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
Astra Linux - уязвимость в chromium
A heap buffer overflow in the GPU component of Google Chrome prior to version 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Integer overflow in Skia in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-5.15
A flaw was discovered in KVM AMD Secure Encrypted Virtualization SEV within the Linux kernel. A KVM guest that uses SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler...