52847 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In various setup methods of the USB gadget subsystem, there is a possibility of unauthorized writing due to an incorrect flag check. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation. Product...
Astra Linux – Vulnerability in Linux 5.10, Linux
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not required for exploitation. Product...
Astra Linux – Vulnerability in Chromium
A use-after-free in Google Chrome on Mac before version 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page. This attacker could convince a user to perform certain user interactions, thereby enabling them to exploit the syst...
Astra Linux – Vulnerability in GhostScript
A vulnerability classified as problematic was discovered in GhostPCL 9.55.0. This vulnerability affects the chunk_free_object function in the gsmchunk.c file. Manipulation via a malicious file can lead to memory corruption. The attack can be initiated remotely, but requires user interaction. The...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the handling of offloads in ip_gre.c, there is a possibility of a page fault due to an invalid memory access. This could lead to the disclosure of local information without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android Versions...
Astra Linux – Vulnerability in exempi
XMP Toolkit version 2020.1 and earlier versions are affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...
Astra Linux – Vulnerability in Chromium
A use-after-free in the Live Caption feature in Google Chrome before version 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through such interactions. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
A use-after-free in DevTools in Google Chrome before version 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDF in Google Chrome prior to version 118.0.5993.70 allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Browser History component of Google Chrome prior to version 112.0.5615.49 allowed a remote attacker who convinced a user to perform certain UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
A use-after-free in Frames in Google Chrome before version 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A use-after-free in Passwords in Google Chrome before version 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption through specific UI interactions. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
A use-after-free in Passwords in Google Chrome prior to version 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through crafted UI interactions. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In Networking APIs of Google Chrome, before version 112.0.5615.49, it was possible for a remote attacker to exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to perform certain UI interactions. Chromium security severity: Medium...
Astra Linux – Vulnerability in FLAC
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a potential out-of-bounds read due to a heap buffer overflow. This could lead to remote information disclosure without requiring additional execution privileges. User interaction is required for exploitation. Product: Android. Versions:...
CVE-2026-28573
CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...
EUVD-2026-37555
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37554
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210216
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210213
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...