5772 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
Through a series of window.print calls and popups, an attacker can make a window become fullscreen without the user seeing the notification prompt. This can lead to potential confusion among users or be used in spoofing attacks. This vulnerability affects Firefox ESR version 102.5, Thunderbird...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.30.1, the exprListAppendList function in the window.c file allows attackers to trigger an invalid pointer dereference, as constant integer values in ORDER BY clauses of window definitions are handled incorrectly...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: added accessors to read/set tp->snd_cwnd. Over the years, we’ve had various bugs in the code that broke the assumption that tp->snd_cwnd is greater than zero. Recently, syzbot reported that the condition WARN_ON_ONCE(!tp->prior_cwnd)...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed the issue where “tcp_mtup_probe_success” was displayed instead of “wrong snd_cwnd”. syzbot received a new report [1], which finally pointed to a very old bug. This bug was addressed in the initial support for MTU probing...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.9 and earlier contains a segmentation fault due to the component sql/sql_window.cc...
Astra Linux – Vulnerability in Mariadb 10.3
save_window_function_values in MariaDB before 10.6.3 can cause an application to crash due to incorrect handling of with_window_func=true for a subquery...
Astra Linux – Vulnerability in SQLite3
SQLite version 3.31.1 allows attackers to cause a denial of service (segmentation fault) through a malformed window-function query, due to improper handling of the initialization of the AggInfo object...
Astra Linux – Vulnerability in libx11, libxpm
A vulnerability was discovered in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, and <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames. This can happen by sending frames that are malformed or should not be sent under certain stream states, thereby forcing the server to consume...
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Mbed TLS before 2.28.2 and in 3.x before 3.3.0. An adversary with access to sufficiently precise information about memory accesses (typically, an untrusted operating system attacking a secure environment) can retrieve an RSA private key by observing the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fixed the issue where memory was disabled if the DVSEC CXL range did not match a CFMWS window. The Linux CXL subsystem is based on the assumption that HPA == SPA. That is, the host physical address (HPA) of HDM decoder...
Astra Linux – Vulnerability in openexr
A flaw was discovered in the function dataWindowForTile of the IlmImf/ImfTiledMisc.cpp file. An attacker who can submit a crafted file for processing with OpenEXR could trigger an integer overflow, resulting in an out-of-bounds write operation on the heap. The most significant impact of this flaw...
Astra Linux – Vulnerability in xorg-server
A vulnerability classified as critical was discovered in X.org Server. The vulnerability affects the GetCountedString function in the xkb/xkb.c file. This vulnerability can lead to a buffer overflow. It is recommended that you apply a patch to address this issue. The identifier associated with th...
Astra Linux – Vulnerability in Chromium
Integer overflow in the Window Manager in Google Chrome on Chrome OS and Lacros before version 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out-of-bounds memory write via crafted UI interactions. Chrome security severity: Hig...
xorg-x11-server-Xwayland security, bug fix, and enhancement update
An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Xwayland is an X server for running X clients under Wayland...
PT-2026-51104
Name of the Vulnerable Software and Affected Versions: @tinacms/app versions prior to 2.5.6; tinacms versions prior to 3.9.3. Description: Cross-origin postMessage handlers allow for stored XSS and session takeover. The software registers window message listeners—specifically the useTina overlay...
GHSA-2R2C-CX56-8933 JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry
Summary: The JLine3 Telnet server (remote-telnet module) does not apply an upper bound to terminal dimensions received via the Telnet NAWS (Negotiate About Window Size) option. An unauthenticated remote attacker can send a NAWS subnegotiation advertising a 65535×65535 terminal and repeatedly alternate...
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...
Covert Storage Channel
Overview: @anthropic-ai/claude-code is a package for using Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Covert Storage Channel via the...