14 matches found
Astra Linux - vulnerability in chromium
Before version 91.0.4472.114, a use after free in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page and user gestures...
CVE-2025-63419
Cross-site scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...
PT-2025-5336 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.2.0 Description: The issue allows a typical user to specify an arbitrary role when sharing an item, enabling them to use a higher-privileged role to view fields they should not be able to see. This affects...
DEBIAN-CVE-2024-7533
Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
PT-2024-24448 · Ankitects +1 · Anki +1
Name of the Vulnerable Software and Affected Versions: Ankitects Anki version 24.04 Description: A blocklist bypass issue exists in the LaTeX functionality, allowing a specially crafted malicious flashcard to create an arbitrary file at a fixed path. An attacker can trigger this issue by sharing ...
PT-2024-19276 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.5 Description: The 'sharing FAQ' functionality in phpMyFAQ allows any unauthenticated actor to misuse the application to send arbitrary emails to a large range of targets. The front-end of this functionality...
CVE-2023-31477
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path...
PT-2023-23356 · Gl.Inet · Gl.Inet
Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: A path traversal issue was discovered, allowing the sharing of arbitrary directories, such as /tmp or /etc, through the file sharing feature due to the lack of server-side restrictions...
SUSE CVE-2021-30589
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link...
SUSE CVE-2022-1481
Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2022-1640
Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2022-1861
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction...
DEBIAN-CVE-2022-1861
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction...
UBUNTU-CVE-2022-1861
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction...