18095 matches found
Astra Linux – Vulnerability in Chromium
Using “after free” in the Shopping Cart in Google Chrome before version 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption through standard feature user interactions...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in Extensions in Google Chrome prior to version 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Astra Linux – Vulnerability in Wireshark
A NULL pointer exception occurs in the Modbus dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17, allowing for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Wireshark
Uncontrolled recursion in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or crafted capture files...
Astra Linux – Vulnerability in Linux 5.10
A race condition was detected in the Linux kernel’s ebpf verifier between bpfmapupdateelem and bpfmapfreeze, due to a missing lock in the kernel/bpf/syscall.c file. In this flaw, a local user with special privileges capsysadmin or capbpf can modify the frozen mapped address space. This flaw affec...
Astra Linux – Vulnerability in glibc
A flaw was discovered in glibc. A “off-by-one” buffer overflow and underflow in the getcwd function may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and the size passed to getcwd in a setuid program could exploit this flaw t...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...
Astra Linux – Vulnerability in Linux 5.10
A flaw in the Linux kernel’s implementation of the RDMA communication manager listener code allowed an attacker with local access to set up a socket to listen on a high port. This allowed for a memory element to be used after it was freed. With the ability to execute code, a local attacker could...
Astra Linux – Vulnerability in Chromium
Before version 96.0.4664.93, using the "after free" mechanism in the UI of Google Chrome on Linux allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in the loader component of Google Chrome prior to version 96.0.4664.93 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 96.0.4664.93, using free after in the window manager in Google Chrome on ChromeOS allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: Destroy the cmid before destroying the qp to avoid using it after freeing it. We should always destroy the cmid before destroying the qp to prevent accessing the cma after the qp is destroyed. This can lead to incorrec...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: blk-cgroup: fixed a UAF vulnerability by acquiring the blkcg lock before destroying the blkg. KASAN reports a use-after-free issue during the fuzz test: 693354.104835...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mac80211: fixed a use-after-free in CCMP/GCMP RX. When PN checking is performed in mac80211, for fragmentation purposes, we need to copy the PN into the RX struct so that it can be used later for comparison. This is mentioned in...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: sctp: A buffer overflow vulnerability exists when skbheaderpointer returns NULL in sctprcvootb. We should always check if the return value of skbheaderpointer is NULL before using it. Otherwise, it may lead to a nullptrderef...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fixed the stack information leak. The name of the tty driver is also used after registering the driver, and it must specifically not be allocated on the stack to prevent information from leaking into the user spac...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the implementation of the QEMU virtio-fs shared file system daemon virtiofsd. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in directories shared by virtio-fs, with unintended group ownership. This occurs in a scenario where a...
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using the "After Free" feature in the Thumbnail Tab Strip in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using "After Free" in Google Chrome’s extensions allowed a remote attacker to potentially exploit heap corruption through user interaction...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 98.0.4758.80, using the "after free" mechanism in Google Chrome’s payments functionality allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Cast in Google Chrome before version 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Memory access out of bounds in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c within the Linux kernel. This flaw allows a local attacker with special user privileges CAPSYSADMIN or CAPSYSRAWIO to cause confidentiality issues...
Astra Linux – Vulnerability in Redis
It was discovered that Redis, a persistent key-value database, due to a packaging issue, is susceptible to a Lua sandbox escape that is specific to Debian. This could lead to remote code execution...
Astra Linux – Vulnerability in Blender
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, potentially allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8, and 3.1...
Astra Linux – Vulnerability in Firefox
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 96. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some ...
Astra Linux – Vulnerability in Blender
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption, or potentially code execution...
Astra Linux – Vulnerability in Chromium
The use of after free in ANGLE in Google Chrome before version 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Groups component of Google Chrome prior to version 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and induced specific user interactions to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...
Astra Linux – Vulnerability in Linux, Linux 5.10
A heap-based buffer overflow flaw was discovered in the way the legacyparseparam function in the Linux kernel’s Filesystem Context functionality verifies the length of the supplied parameters. A non-privileged user if non-privileged user namespaces are enabled, otherwise requiring CAPSYSADMIN...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 97.0.4692.99, using free after Vulkan in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDFium in Google Chrome prior to version 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 97.0.4692.99, using Bookmarks in Google Chrome allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to engage in certain user interactions...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Task Manager of Google Chrome prior to version 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption through specific user interactions...
Astra Linux – Vulnerability in Samba
Samba AD DC includes checks when adding service principal names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks can be bypassed if an account modification re-adds an SPN that was previously present on that account, such as an SPN added...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 97.0.4692.99, using free after site isolation in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 97.0.4692.99, using "After Free" in Safe Browsing in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 97.0.4692.99, using Omnibox in Google Chrome allowed a remote attacker to convince the user to engage in specific user interactions, thereby potentially exploiting heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In Google Chrome, the use of "after free" in scheduling before version 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in DevTools in Google Chrome prior to version 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...