58903 matches found
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 137.0.7151.55, using V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In V8 in Google Chrome, prior to version 139.0.7258.127, it was possible for a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Zabbix
JavaScript preprocessing, webhooks, and global scripts can lead to uncontrolled utilization of CPU, memory, and disk I/O resources. The ability to preprocess/webhook/configure and test global scripts is only available to Administrative roles Admin and Superadmin. Administrative privileges should...
Astra Linux – Vulnerability in Thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...
Astra Linux – Vulnerability in Firefox
An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by exploiting a bug related to range-based bounds checks. This vulnerability affects Firefox versions prior to 124.0.1...
Astra Linux – Vulnerability in Firefox
An attacker was able to insert an event handler into a privileged object, allowing arbitrary JavaScript execution in the parent process. Note: This vulnerability only affects Desktop Firefox; mobile versions of Firefox are not affected. This vulnerability applies to Firefox versions earlier than...
Astra Linux – Vulnerability in Firefox
When a web page created a pop-up from a “javascript:“ URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox versions earlier than 120...
Astra Linux – Vulnerability in Thunderbird, Firefox
Parsing a JavaScript module as JSON can, under certain circumstances, lead to cross-compartment access, which may result in a use-after-free vulnerability. This vulnerability has been fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome before version 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability has been fixed in Firefox 145 and Thunderbird 145...
Astra Linux – Vulnerability in Firefox
By using 3D CSS in conjunction with JavaScript, content could be rendered outside the webpage’s viewport. This led to a spoofing attack that could be used for phishing or other attacks against users. This vulnerability affects Firefox versions earlier than 88...
Astra Linux – Vulnerability in Zabbix
Duktape is a third-party embeddable JavaScript engine, focusing on portability and minimal footprint. When adding too many values in the valstack, JavaScript can crash. This issue arises due to a bug in Duktape 2.6, which is a third-party solution that we use...
Astra Linux – Vulnerability in Thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. Version 34.11.0 and earlier of matrix-js-sdk was vulnerable to client-side path traversal attacks through crafted MXC URIs. A malicious room member could trigger clients using matrix-js-sdk to send...
Astra Linux – Vulnerability in Firefox
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability has been fixed in Firefox 143.0.3...
Astra Linux – Vulnerability in jsoup
jsoup is a Java HTML parser designed for HTML editing, cleaning, scraping, and XSS Cross-Site Scripting protection. However, jsoup may incorrectly sanitize HTML containing javascript: URLs, which could allow XSS attacks when a user clicks on those links. If the non-default...
Astra Linux – Vulnerability in Node-EJS
The ejs also known as Embedded JavaScript templates package version 3.1.6 for Node.js enables server-side template injection in settings view optionsoutputFunctionName. This is parsed as an internal option, and the outputFunctionName option is overwritten with an arbitrary OS command which is...
Astra Linux – Vulnerability in Firefox and Thunderbird
Due to a sequence of events controlled by the attacker, a JavaScript alert dialog with arbitrary although unstyled contents could be displayed over an uncontrolled web page of the attacker’s choice. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...