16745 matches found
Astra Linux – Vulnerability in Chromium
Use after free in Payments in Google Chrome before version 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Firefox
An unexpected message in the WebGPU IPC framework could lead to a use-after-free error and an exploitable sandbox escape. There have been reports of attacks exploiting this flaw in real-world scenarios. This vulnerability affects Firefox versions earlier than 97.0.2, Firefox ESR versions earlier...
Astra Linux – Vulnerability in Apache2
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. None of the included modules passes untrusted data to these functions, but third-party/external modules may do so. This issue affects Apache HTTP Server 2.4.48 and earlier...
Astra Linux – Vulnerability in util-linux
The wall function in util-linux up to version 2.40 is often installed with setgid and tty permissions. This allows escape sequences to be sent to other users’ terminals via argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocke...
Astra Linux – Vulnerability in Chromium
Use after free in Dawn in Google Chrome before version 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in Navigation in Google Chrome before version 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in virglrenderer
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer from version 0.8.0 allows guest OS users to cause a denial of service, or a QEMU guest-to-host escape and code execution, through VIRGL_CCMD_RESOURCE_INLINE_WRITE commands...
Astra Linux – Vulnerability in Firefox and Thunderbird
Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restrictions by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Astra Linux – Vulnerability in Chromium
Use after free in Google Chrome before version 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in node-tar
node-tar is a fully featured Tar library for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink within the extraction directory that points to a file outside of the extraction root. This allows arbitrary file reading and writing b...
Astra Linux – Vulnerability in Firefox, Thunderbird
VideoBridge allows any content process to use textures generated by remote decoders. This could be exploited to bypass the sandbox. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Strip component in Google Chrome prior to version 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Use after free in Compositing in Google Chrome before version 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in Safe Browsing in Google Chrome before version 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
OESA-2026-2133 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
OESA-2026-2132 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
RHCOS 4 : OpenShift Container Platform 4.19.25 (RHSA-2026:3391)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3391 advisory. - runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...
RHCOS 4 : OpenShift Container Platform 4.17.50 (RHSA-2026:3416)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3416 advisory. - runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...
PT-2026-36613
Date: May 2, 2026. Status: ACTIVE GLOBAL EXPLOITATION / MASSIVE RCE WAVE. Target: CrushFTP Enterprise Managed File Transfer, all versions prior to 11.1.0. Severity: 10.0 MAXIMUM CRITICAL. Unauthenticated Remote Code Execution / VFS Escape. 1. Analysis: Why "VFS-Shatter" is Today’s Apex Threat. While the...
RHCOS 4 : OpenShift Container Platform 4.14.61 (RHSA-2026:0995)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0995 advisory. - runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) - runc: container escape with malicious...