Astra Linux – Vulnerability in Chromium
A heap buffer overflow vulnerability in PDF files in Google Chrome prior to version 118.0.5993.70 allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
A use-after-free in the Input component in Google Chrome on Chrome OS before version 104.0.5112.79 allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through those interactions...
Astra Linux – Vulnerability in Linux 5.10, Linux
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege, with system execution privileges needed. User interaction is not required for exploitation. Product...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, a use-after-free in Google Chrome on Mac allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page. This attacker could convince a user to perform certain user interactions, thereby enabling them to exploit the syst...
Astra Linux – Vulnerability in GhostScript
A vulnerability classified as problematic was discovered in GhostPCL 9.55.0. This vulnerability affects the chunk_free_object function in the gsmchunk.c file. Manipulation with a malicious file can lead to memory corruption. The attack can be initiated remotely, but requires user interaction. The...
Astra Linux – Vulnerability in Chromium
A use-after-free in the Live Caption feature in Google Chrome before version 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through such interactions. Chromium security severity: Medium...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS...
Astra Linux – Vulnerability in p7zip
7-Zip SquashFS File Parsing: Out-of-Bounds Write Vulnerability Leading to Remote Code Execution. This vulnerability allows remote attackers to execute arbitrary code on affected 7-Zip installations. User interaction is required to exploit this vulnerability, as the target must visit a malicious...
Astra Linux – Vulnerability in Linux
In various methods of kernel-based drivers, there is a possibility of an out-of-bounds write due to a heap buffer overflow. This could lead to a local escalation of privileges, requiring system execution privileges. User interaction is not required for exploitation. Product: Android Versions:...
Astra Linux – Vulnerability in Chromium
A use-after-free in Views in Google Chrome before version 103.0.5060.134 allowed a remote attacker who convinced a user to engage in certain user interactions to potentially exploit heap corruption through UI interactions...
Astra Linux – Vulnerability in Chromium
A use-after-free in User Education in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension or specific user interactions...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. The supported versions affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This easily exploitable vulnerability allows a low-privilege...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. This vulnerability is difficult to exploit...
Astra Linux – Vulnerability in Linux
In memzero_explicit of compiler-clang.h, there is a possible way to bypass defense in depth due to uninitialized data. This could lead to the disclosure of local information without requiring additional execution privileges. User interaction is not required for exploitation. Product: Android...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the handling of offloads in ip_gre.c, there is a possibility of a page fault due to an invalid memory access. This could lead to the disclosure of local information without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android Versions...
Astra Linux – Vulnerability in Chromium
A use-after-free in Passwords in Google Chrome prior to version 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through crafted UI interactions. Chromium security severity: High...
CVE-2026-28573
CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...
EUVD-2026-37555
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37554
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210216
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...