8001 matches found
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.101, using the "after free" mechanism in Google Chrome’s extensions allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the mm, slab context, slab-objexts should always be cleaned up after allocation. When memory allocation profiling is disabled at runtime or due to an error, the shutdownmemprofiling function is called. In this case, slab-objex...
Astra Linux – Vulnerability in Intel Microcode
In the memory subsystem of certain IntelR XeonR 6 processors, out-of-bounds writing when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerability in Firefox
An attacker who could have convinced a user to drag and drop an image into a file system could have manipulated the resulting filename to include an executable extension. By doing so, the attacker could potentially trick the user into executing malicious code. Although very similar, this is a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevents attempts to reclaim poisoned pages TL;DR: In SGX, when pages are reclaimed, their contents are copied to secondary storage. SGX instructions do not properly handle machine checks. Nevertheless, existing SGX code...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Extensions in Google Chrome prior to version 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Google Chrome Extension...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation through a malicious Chrome Extension...
Astra Linux - Vulnerability in Golang-1.19
A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...
Astra Linux – Vulnerability in PostgresSQL 11
A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Extensions in Google Chrome before version 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in mbedtls
A issue was discovered in Mbed TLS 3.5.1. There is a persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race conditions in allocslabobjexts. If two competing threads enter allocslabobjexts, and one of them fails to allocate the object extension vector, it may override the valid slab-objexts allocated by the other thread...
Astra Linux – Vulnerability in Chromium
In Google Chrome versions prior to 142.0.7444.59, policy bypass in Extensions allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory through a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fixed a deadlock in the SGX NUMA node search process. When the current node does not have an EPC section configured by the firmware, and all other EPC sections are used up, the CPU can get stuck inside the while loop tha...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to perform certain UI gestures to leak cross-origin data through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in ruby-websocket-extensions
The websocket-extensions Ruby module before version 0.1.5 allowed Denial of Service DoS attacks through Regex backtracking. The extension parser could take quadratic time when parsing a header containing an unclosed string parameter value whose content was a repeated two-byte sequence of a...
Astra Linux – Vulnerability in Intel Microcode
A protection mechanism failure in some third- and fourth-generation IntelR XeonR processors, when using IntelR SGX or IntelR TDX, may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerability in Intel Microcode
An improperly implemented security check for standard in the DDRIO configuration for some IntelR XeonR 6 processors, when using IntelR SGX or IntelR TDX, may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...