58766 matches found
Astra Linux - уязвимость в firefox
Under certain circumstances, calling the bind function might result in an incorrect realm being set. This could create a vulnerability related to JavaScript-implemented sandboxes, such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Astra Linux - уязвимость в zabbix
A authenticated user can create a link containing reflected JavaScript code for a service page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в thunderbird
The Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker who cooperated with a malicious home server could interfere with the verification process between two users, substituting their own cross-signed user identity wi...
Astra Linux - уязвимость в webkit2gtk
This issue has been addressed through improved enforcement of iframe sandbox rules. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
Astra Linux - уязвимость в firefox, thunderbird
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution within the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux - уязвимость в chromium
In V8, the "out of bounds" reading in Google Chrome before version 121.0.6167.139 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome before version 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
In V8, the "out of bounds" reading in Google Chrome before version 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
In Google Chrome versions prior to 87.0.4280.88, uninitialized use of V8 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page...
Astra Linux - уязвимость в chromium
Memory access out of bounds in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox
An attacker was able to insert an event handler into a privileged object, allowing arbitrary JavaScript execution in the parent process. Note: This vulnerability only affects Desktop Firefox; mobile versions of Firefox are not affected. This vulnerability applies to Firefox versions earlier than...
Astra Linux - уязвимость в golang-1.19
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
Astra Linux - уязвимость в chromium
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux - уязвимость в firefox, thunderbird
An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
Astra Linux - уязвимость в zabbix
Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...
Astra Linux - уязвимость в firefox, thunderbird
When calling JS::CheckRegExpSyntax, a syntax error may be set, resulting in the call to convertToRuntimeErrorAndClear. A path within the function might attempt to allocate memory when no memory is available, causing a newly created Out of Memory exception to be misinterpreted as a syntax error...
Astra Linux - уязвимость в libjettison-java
Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to out-of-memory conditions. This vulnerability could potentially allow for...
Astra Linux - уязвимость в zabbix
A authenticated user can create a link containing reflected JavaScript code on its own pages and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...