18095 matches found
Astra Linux – Vulnerability in Chromium
Insecure security user interfaces during downloads in Google Chrome on Android before version 90.0.4430.93 allowed a remote attacker to perform domain spoofing through a crafted HTML page...
Astra Linux – Vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Starting from version 0.9.4 and before version 1.10.2, Flatpak has a vulnerability in its “file forwarding” feature, which can be exploited by attackers to gain access to files that would normally...
Astra Linux – Vulnerability in WebKit2GTK
There is a use-after-free vulnerability in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to potential information leaks and further memory corruption. A victim must be tricked into visiting a malicious web page to exploit this...
Astra Linux – Vulnerability in Rails
The PostgreSQL adapter in Active Record before versions 6.1.2.1, 6.0.3.5, and 5.2.4.5 is vulnerable to a regular expression denial of service REDoS vulnerability. Carefully crafted inputs can cause the input validation for the money type in the PostgreSQL adapter in Active Record to spend too muc...
Astra Linux – Vulnerability in libuv1
Node.js versions prior to 16.4.1, 14.17.2, and 12.22.2 are vulnerable to an out-of-bounds read when the uvidnatoascii function is used to convert strings to ASCII. The pointer p is read and incremented without checking whether it lies beyond pe, where pe holds a pointer to the end of the buffer...
Astra Linux – Vulnerability in Chromium
Before version 89.0.4389.72, using "After Free" in the Network Internals section of Google Chrome on Linux allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 89.0.4389.72, using the "tab search" function in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Leakage of side-channel information during autofill in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of "after free" in Blink in Google Chrome before version 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...
Astra Linux – Vulnerability in Chromium
Before version 89.0.4389.114, the out-of-bounds read in IPC in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In WebUI Settings of Google Chrome before version 89.0.4389.72, an out-of-bounds memory read was allowed, enabling a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chrome security severity: Low...
Astra Linux – Vulnerability in Chromium
Before version 90.0.4430.72, using "use after free" in permissions in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 88.0.4324.96, using the "After Free" feature in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 88.0.4324.96, using the "Omnibox" feature in Google Chrome on Linux allowed a remote attacker the possibility of performing a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 88.0.4324.96, using WebSQL in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Blink in Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A stack buffer overflow in the Data Transfer component of Google Chrome on Linux, prior to version 88.0.4324.182, allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in V8 in Google Chrome prior to version 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 88.0.4324.182, using "Use after free" in Downloads in Google Chrome on Windows allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in TabStrip in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 88.0.4324.182, using the "after free" feature in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebAudio in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the appcache of Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The incorrect security interface in the Loader component in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insecurity-related UI in TabStrip and Navigation in Google Chrome on Android prior to version 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox URL bar through a crafted HTML page...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc version 1.9.12. A double-free in the function pspdfexport in ps-pdf.cxx may lead to a write-what-where condition, allowing an attacker to execute arbitrary code and cause a denial of service...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc in v1.9.12 and earlier. A null pointer dereference in fileextension in file.c may allow for the execution of arbitrary code and cause a denial of service attack...
Astra Linux – Vulnerability in Chromium
Using "after free" in DevTools in Google Chrome before version 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape by using a specially crafted file...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass the file extension policy through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In Google Chrome versions prior to 88.0.4324.96, uninitialized usage in USB devices allowed a local attacker to potentially perform out-of-bound memory access through a USB device...
Astra Linux – Vulnerability in Firefox
When a user opened the Web Extensions context menu, the Web Extension could access the post-redirect URL of the clicked element. If the Web Extension did not have the necessary WebRequest permissions for the hosts involved in the redirection, this would constitute a same-origin violation, allowin...
Astra Linux – Vulnerability in gmp
The GNU Multiple Precision Arithmetic Arithmetic Library GMP version up to 6.2.1 has an integer overflow issue in the mpz/inpraw.c file, which can lead to a buffer overflow due to malicious input. This results in a segmentation fault on 32-bit platforms...
Astra Linux – Vulnerability in Samba
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client that can use a server symlink to determine whether a file or directory exists in a part of the server file system that is not exported under the share definition. This attack can only succeed if SMB1 with unix extensions i...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: Check ctr-cnr to avoid array index out of bounds. cmtpaddconnection adds a CMTP session to a controller and runs a kernel thread to process CMTP. modulegetTHISMODULE; session-task = kthreadruncmtpsession, session,...
Astra Linux – Vulnerability in Thunderbird
The olmsessiondescribe function in Matrix libolm before version 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a...
Astra Linux – Vulnerability in Linux, Linux 5.10
In f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel, as of version 5.15.11, there is a potential for out-of-bounds memory access when an inode has an invalid last xattr entry...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A list management bug in BSS handling in the mac80211 stack of the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers those capable of injecting WLAN frames to corrupt a linked list and, in turn, potentially execute unauthorized code...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A stack overflow flaw was discovered in the Linux kernel’s SYSCTL subsystem regarding how a user modifies certain kernel parameters and variables. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A issue was discovered in the Linux kernel before version 6.0.11. Missing validation of the number of channels in the drivers/net/wireless/microchip/wilc1000/cfg80211.c file in the WILC1000 wireless driver can lead to a heap-based buffer overflow when copying the list of operating channels from...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A issue was discovered in the drivers/input/input.c file within the Linux kernel before version 5.17.10. An attacker can cause a denial of service panic if inputsetcapability mishandles situations where an event code falls outside of a bitmap...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: fixed a possible double-free of kmemcache When running the slubdebug test, the kfence’s “testmemcachetypesafebyrcu” kunit test case caused a use-after-free error: BUG: KASAN: use-after-free in kobjectdel+0x14/0x30...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qlt24xxhandleabts The commit 8f394da36a36 “scsi: qla2xxx: Drop TARGETSCFLOOKUPLUNFROMTAG” caused the qlt24xxhandleabts function to return early if tcmqla2xxxfindcmdbytag failed to find a command...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fixed potential resource leakage when registering a chip. If the creation of a software node fails, the locally allocated string array remains unleased. This issue has been addressed by releasing the resource upon a...