18095 matches found
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in SQLite in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Integer overflow in Skia in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Memory access beyond the allowed boundaries in the Service Worker API in Google Chrome prior to version 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in the Navigation section of Google Chrome prior to version 112.0.5615.49 allowed a remote attacker to perform domain spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Browser History component of Google Chrome prior to version 112.0.5615.49 allowed a remote attacker who convinced a user to perform certain UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
In Networking APIs of Google Chrome, before version 112.0.5615.49, it was possible for a remote attacker to exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to perform certain UI interactions. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
In accessibility settings within Google Chrome, before version 112.0.5615.49, it was possible for a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
In Google Chrome, out-of-bounds memory access during DOM bindings before version 112.0.5615.49 allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of frames with free in Google Chrome before version 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The out-of-bounds reading in ANGLE in Google Chrome prior to version 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in PDFs in Google Chrome before version 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after free in WebProtect in Google Chrome before version 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after free in Passwords in Google Chrome before version 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Dbus
A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where the array length is inconsistent with the size of the element...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick in versions prior to 7.0.11 and prior to 6.9.12. In these versions, a division by zero in the WaveImage function of MagickCore/visual-effects.c could lead to undefined behavior when a malicious image file was submitted to an application that used ImageMagick...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from APIs through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Web Audio API in Google Chrome prior to version 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
There exists a use-after-free vulnerability in the Linux kernel through the iouring mechanism and the IORINGOPSPLICE operation. If the IORINGOPSPLICE operation lacks the IOWQWORKFILES flag, it indicates that the operation will not utilize current-nsproxy. As a result, the reference counter is not...
Astra Linux – Vulnerability in Node.js
There is a vulnerability related to untrusted search paths in Node.js. Versions 19.6.1, 18.14.1, 16.19.1, and 14.21.3 may allow an attacker to search for and potentially load ICU data when running with elevated privileges...
Astra Linux – Vulnerability in Tiff
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3502 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: block, bfq: do not move oombfqq Our test report a UAF: 2073.019181 ================================================================== 2073.019188 BUG: KASAN: use-after-free in bfqputbfqq+0xa0/0x168 2073.019191 Written a size 8...
Astra Linux – Vulnerability in Vim
NULL pointer dereferencing in the GitHub repository for vim/vim before version 9.0.0224...
Astra Linux – Vulnerability in Vim
Vim is vulnerable to Heap-based Buffer Overflow attacks...
Astra Linux – Vulnerability in Vim
Vim is vulnerable to use of uninitialized variables...
Astra Linux – Vulnerability in OpenSSL
The crehash script does not properly sanitize shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner that it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free read flaw was discovered in the sockgetsockopt function in net/core/sock.c, due to race conditions involving SOPEERCRED and SOPEERGROUPS functions when used with listen and connect in the Linux kernel. In this flaw, an attacker with user privileges could potentially crash the...
Astra Linux – Vulnerability in SQLite3
The ext/misc/zipfile.c file in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded \0' characters in filenames, resulting in a memory-management error that can be detected using tools like valgrind...
Astra Linux – Vulnerability in Git
In connect.c, the gitconnectgit function in Git before version 2.30.1 allows a repository path to contain a newline character. This may lead to unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring...
Astra Linux – Vulnerability in Linux
In the Linux kernel, from drivers/staging/rtl8188eu/osdep/ioctllinux.c, the function rtwwxsetscan allows writing beyond the end of the -ssid array. NOTE: From the perspective of kernel.org’s release processes, CVE IDs are not typically used for drivers/staging/ unfinished work. However, system...
Astra Linux – Vulnerability in OpenLDAP
An integer underflow was discovered in OpenLDAP before version 2.4.57, causing slapd to crash during the Certificate Exact Assertion processing, resulting in a denial of service schemainit.c serialNumberAndIssuerCheck...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Access to buffers is protected when there are no active references to them. The function nilfslookupdirtydatabuffers iterates through buffers attached to dirty data folios/pages. It accesses these attached buffers without...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nbd: Do not allow reconnection after disconnection The following process may cause a UAF in nbdconfig: 1 Temporarily grabs nbdconfig; 2 In nbdgenldisconnect, all recvwork calls are flushed, and the initial reference to nbdconfig ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fixed the information leak in the triggered buffer. The data array is allocated using kmalloc, and it is used to push data to user space from the triggered buffer. However, it does not set values...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not call BUGON when the reference count is 0 at btrfslookupextentinfo. Instead of calling BUGON, handle the error by returning -EUCLEAN, aborting the transaction, and logging an error message...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevention of integer overflow issues In the expression “cmd.wqesize cmd.wrcount”, both variables are of type u32 and come from the user space. This multiplication can lead to integer wraparound issues. Similarly, th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: Fix for a use-after-free after an invalid ref action. After calling btrfsreftreemod, if we successfully insert the new ref entry local variable 'ref' into the respective block entry’s rbtree local variable 'be,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: prevented the use of deleted inodes. syzbot reported a warning in nilfsrmdir. 1 Due to the corrupted inode bitmap, an inode with a number that should exist as a ".nilfs" file was reassigned by nilfsmkdir for "file0",...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: A missing range check was added in bitmapipuadt. When tbIPSETATTRIPTO is not present, but tbIPSETATTRCIDR exists, the values of ip and ipto are slightly swapped. As a result, the range check for ip should be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix null-ptr-deref in blocktouchbuffer tracepoint The patch series “nilfs2: Fix null-ptr-deref bugs on block tracepoints” addresses these bugs that occur when using nilfs2 and two block-related tracepoints. This patch...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media:cx24116: prevents overflows in the SNR calculation. According to Coverity reports, if reading the SNR registers fails, a negative number will be returned, resulting in an underflow when reading the SNR registers. This issue...