18095 matches found
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Sign-In process in Google Chrome prior to version 1.3.36.351 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
In the Browser UI of Google Chrome, out-of-bounds memory access before version 125.0.6422.141 allowed a remote attacker to exploit heap corruption through a crafted HTML page, by convincing a user to perform certain UI gestures. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
“Type Confusion in V8 in Google Chrome” before version 125.0.6422.112 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Dawn in Google Chrome prior to version 125.0.6422.76 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of “after free” in scheduling in Google Chrome prior to version 125.0.6422.76 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in V8 in Google Chrome before version 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Using “after free” in Dawn in Google Chrome before version 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 124.0.6367.207, writing out-of-bounds data in V8 using Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in Dawn, prior to version 124.0.6367.118, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass the mixed content policy through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in the Browser Switcher component of Google Chrome prior to version 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
In Google Chrome, a vulnerability existed before version 124.0.6367.60 that allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of “after free” in QUIC in Google Chrome before version 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: fixed a race condition between ipv6getifaddr and ipv6deladdr Although ipv6getifaddr operates under the RCU lock, it still allows hlistforeachentryrcu to return an item that has already been removed from the list. The memory...
Astra Linux – Vulnerability in Chromium
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from APIs through a crafted Chrome Extension. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Metrics component of Google Chrome prior to version 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in Swiftshader in Google Chrome before version 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of “after free” in DevTools in Google Chrome before version 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A flaw was discovered in the Linux kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While this will usually be correct, since tuntap devices require CAPNETADMIN, it may not always be the case. For example, a non-root user...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed issues with OOBs during the construction of SMB2IOCTL requests. When encryption is used, whether enforced by the server or when the ‘seal’ mount option is used, the client will squash all compound request buffe...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: Consider the NULL character when validating the event length. strlen returns the length of a string excluding the null byte. If the string length equals the maximum buffer length, there will be no space left in the buffe...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a segmentation issue when upgrading gsosize. The skb was linearized during the upgrade of gsosize, as this might trigger a BUGON function later on, as described in 1,2...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: kunit: Fixed the kthread reference issue. There is a race condition that occurs when a kthread completes its operation after the deadline but before the call to kthreadstop. This may lead to objects being used after they have bee...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: afpacket: fixed vlangetprotocoldgram vs MSGPEEK The responsible commit forgot to handle the MSGPEEK case, resulting in a crash 1, as detected by syzbot. vlangetprotocoldgram was rewritten so that it does not touch the skb at...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in Dawn in Google Chrome before version 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 121.0.6167.85, using free after in WebRTC in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In V8 of Google Chrome, out-of-bounds memory access prior to version 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using after-free in V8 in Google Chrome before version 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in DevTools in Google Chrome before version 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Bookmarks in Google Chrome before version 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In Google Chrome, out-of-bounds memory access in Compositing before version 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape through specific UI gestures. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of WebCodecs with “after free” in Google Chrome before version 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fixed the NFSv4.2 kernel bug at mm/usercopy.c:102 Calling listxattr with a buffer size of 0 returns the actual size of the buffer required for a subsequent call. When size 0, nfs4listxattr does not return an error becaus...
Astra Linux – Vulnerability in Chromium
The use of after free in Canvas in Google Chrome before version 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Performance Manager in Google Chrome before version 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
The inappropriate implementation of the Content Security Policy in Google Chrome prior to version 122.0.6261.57 allowed a remote attacker to bypass the Content Security Policy through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Accessibility in Google Chrome before version 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through specific UI gestures. Chromium security severity: Medium...