18095 matches found
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Skia in Google Chrome prior to version 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in Canvas in Google Chrome before version 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in Payments in Google Chrome prior to version 121.0.6167.85 allowed a remote attacker to potentially spoof the security UI through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Integer underflow in WebUI of Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after free in Passwords in Google Chrome before version 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption through specific UI interactions. Chromium security severity: Medium...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, NSS
NSS was vulnerable to a timing-side-channel attack during RSA decryption. This attack could potentially allow an attacker to retrieve private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in dbAdjTree. Currently, there is a missing bounds check when accessing the dmtstree within dbAdjTree. To address this issue, a boolean variable named “isctl” was added. This variable...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Ring-buffer: Do not attempt to read beyond the “commit” boundary. When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader’s data. There are mechanisms to detect and handle this issue...
Astra Linux – Vulnerability in Chromium
The use of after-free in Dawn in Google Chrome before version 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in ANGLE in Google Chrome before version 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Critical...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fixed the issue where the SoC may hang during 16-byte unaligned reads. There is an errata regarding the chip ls1028a: The SoC may hang during 16-byte unaligned read transactions initiated by QDMA. Unaligned...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Before version 123.0.6312.58, using Swiftshader in Google Chrome allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
In V8 of Google Chrome, out-of-bounds memory access before version 122.0.6261.111 allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of Mojo with “after free” in Google Chrome before version 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of Mojo after free in Google Chrome before version 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after free in Peer Connection in Google Chrome before version 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in the Network mechanism in Google Chrome before version 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption through a malicious file. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data through a crafted Chrome Extension. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixed a double-free in sidpminit When the allocation of adev-pm.dpm.dynstate.vddcDependenceondispclk.entries fails, amdgpufreeextendedpowertable is called to free some fields of adev. However, when the control flow...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: The issue lies in ofparsephandlewithargsmap. In this function, the inner loop that iterates through the map entries calls ofnodeputnew to free the reference acquired during the previous iteration of the inner loop. This assumes...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a NULL dereference bug. The issue arises when this function is called from ntfsloadattrlist. The value of “size” is calculated as le32tocpuattr-res.datasize. On 64-bit systems, this does not cause an overflow, but...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a UAF in smb20oplockbreakack. removed references after using opinfo...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Before version 115.0.5790.98, out-of-bounds memory access in Mojo within Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in WebRTC in Google Chrome before version 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 114.0.5735.90, read and write access in ANGLE using Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to version 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of after-free in WebRTC in Google Chrome before version 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 114.0.5735.133, using Autofill for payment processing in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Critical...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsethash: Unaligned atomic read on struct nftsetext Access to the genmask field in struct nftsetext results in an unaligned atomic read: 72.130109 Unable to handle kernel paging requests at virtual address...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: fixed the race condition in dstnegativeadvice The dstnegativeadvice function does not enforce proper RCU rules when sk-dstcache must be cleared, leading to a potential Use-After-Free error UAF. RCU rules state that we must...
Astra Linux – Vulnerability in Shadow
A flaw was discovered in shadow-utils. When requesting a new password, shadow-utils asks for the password twice. If the password is incorrect on the second attempt, shadow-utils fails in clearing the buffer used to store the first entry. This may allow an attacker with sufficient access to retrie...
Astra Linux – Vulnerability in Samba
The fixes in 4.6.16, 4.7.9, 4.8.4, and 4.9.7 for CVE-2018-10919, which address the issue of confidential attributes being disclosed via LDAP filters, were insufficient. An attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...
Astra Linux – Vulnerability in Systemd
A “off-by-one” error issue was discovered in Systemd within the formattimespan function of the time-util.c file. An attacker could provide specific values for time and accuracy, resulting in a buffer overflow in formattimespan, which can lead to a Denial of Service...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Another memory leak has been fixed in the error handling paths. The memory allocated by vmbusallocring at the beginning of the probe function is never freed during the error handling process. The missing vmbusfreeri...
Astra Linux – Vulnerability in Chromium
Accessing resources outside the allowed range using V8 in Google Chrome before version 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in WebGPU in Google Chrome before version 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in WebAudio in Google Chrome before version 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...