49008 matches found
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. This vulnerability is difficult to exploit...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In multiple functions of iouring.c, there is a possibility of kernel memory corruption due to improper locking. This could lead to a local escalation of privileges in the kernel, as execution privileges are required. User interaction is not necessary for exploiting this vulnerability...
Astra Linux – Vulnerability in Chromium
Before version 101.0.4951.41, using File Manager in Google Chrome allowed a remote attacker to potentially exploit heap corruption through specific and direct user interactions...
Astra Linux – Vulnerability in Chromium
The use of “after free” in User Education in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension or specific user interactions...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow vulnerability in PDF files in Google Chrome prior to version 118.0.5993.70 allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of tab groups for temporary files in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension and specific user interactions...
Astra Linux – Vulnerability in Gegl
GIMP HDR File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Bookmarks in Google Chrome before version 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension and specific user interactions...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
CVE-2026-28573
CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...
EUVD-2026-37554
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37555
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210216
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210213
In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2026-28615
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-28576
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-28587
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0071
In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0083
In Nfc::eventCallback of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0081
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...