18095 matches found
Astra Linux – Vulnerability in Vim
Out-of-bounds read in the GitHub repository for Vim before version 8.2...
Astra Linux – Vulnerability in Chromium
The inappropriate implementation of the Extensions API in Google Chrome prior to version 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control through a crafted HTML page...
Astra Linux – Vulnerability in Vim
Buffer over-reading in the GitHub repository vim/vim before version 8.2...
Astra Linux – Vulnerability in Chromium
In the Overview Mode of Google Chrome on Chrome OS, before version 104.0.5112.79, a remote attacker who convinced a user to engage in certain user interactions could potentially exploit heap corruption through specific UI interactions...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations of WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The inappropriate implementation of the HTML parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
A NULL pointer dereference flaw was discovered in the Linux kernel’s X.25 set of standardized network protocol functions. This flaw allows a local user to crash the system by terminating their session using a simulated Ethernet card while continuing to use that connection...
Astra Linux – Vulnerability in Firefox and Thunderbird
An attacker could have sent a message to the parent process, with the contents being used to index into a JavaScript object twice. This would lead to prototype pollution, and ultimately, attacker-controlled JavaScript would execute in the privileged parent process. This vulnerability affects...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of after free in ANGLE in Google Chrome before version 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
A race condition was identified in the Linux kernel’s perfeventopen function, which can be exploited by an unprivileged user to gain root privileges. This bug allows for the exploitation of several attack primitives, such as kernel address information leakage and arbitrary execution...
Astra Linux – Vulnerability in Firefox and Thunderbird
If an attacker were able to corrupt the methods of an Array object in JavaScript through prototype pollution, they could have executed JavaScript code under their control in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0, and...
Astra Linux – Vulnerability in Thunderbird
When displaying the sender of an email, if the sender’s name contained multiple Braille space characters, Thunderbird would display all those spaces. This could be exploited by an attacker to send an email message with the attacker’s digital signature, where the signature was displayed along with...
Astra Linux – Vulnerability in Firefox, Chromium
Before version 101.0.4951.41, using Codecs in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
In ipcheckmcrcu of igmp.c, there is a potential use after free due to improper locking. This could lead to a local escalation of privileges when opening and closing inet sockets, without the need for additional execution privileges. User interaction is not required for exploitation. Product:...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB version 10.5.9 allows an application crash in the findfieldintables and findorderinlist functions due to an unused common table expression CTE...
Astra Linux – Vulnerability in atftp
In atftp, before version 0.7.5, the options.c file was written beyond the end of an array, thereby exposing server-side /etc/group data to a remote client...
Astra Linux – Vulnerability in ntfs-3g
In NTFS-3G, from version 2021.8.22, ntfsck has a heap-based buffer overflow issue, involving a value of buffer+5123-2. NOTE: The upstream documentation states that ntfsck is deprecated; however, it is still being distributed with some Linux distributions...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc function can lead to the allocation of a small cursor object, followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function...
Astra Linux – Vulnerability in python-babel
In Babel.Locale before version 2.9.1, attackers could load arbitrary locale .dat files containing serialized Python objects via directory traversal, resulting in code execution...
Astra Linux – Vulnerability in Chromium
The use of BFCache in Google Chrome before version 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 100.0.4896.88, using tab groups in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 100.0.4896.88, using free storage in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape through a crafted Chrome Extension...
Astra Linux – Vulnerability in Chromium
Type confusion in the V8 Turbofan engine in Google Chrome, prior to the release of 100.0.4896.127, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Web UI Settings of Google Chrome prior to version 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebGPU in Google Chrome prior to version 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Astra Linux - Vulnerability in Chromium
An out-of-bounds memory access vulnerability in the UI Shelf in Google Chrome on Chrome OS and Lacros versions prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption through specific user interactions...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Bookmarks in Google Chrome before version 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption through specific and direct user interactions...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass the trusted types policy through a crafted HTML page...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipmi: Fixed UAF when uninstalling the ipmisi and ipmimsghandler modules Hi, During testing the installation and uninstallation of the ipmisi.ko and ipmimsghandler.ko modules, the system crashed. The log contains the following...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf bpf: A memory leak was avoided in perfenvinsertbtf. The perfenvinsertbtf function does not insert entries if a duplicate BTF ID is encountered, which can lead to a memory leak. The function should now return a success/err...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iavf: Freeing qvectors before queues in iavfdisablevf. The iavffreequeues function clears adapter-numactivequeues, which iavffreeqvectors relies on. Therefore, the order of these two function calls in iavfdisablevf needs to be...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb:typec:tipd: The WARNON message in tps6598xblockread has been removed. Calling tps6598xblockread with a parameter length greater than allowed can be handled by simply returning an error. There is no need to cause system crashe...
Astra Linux – Vulnerability in Chromium
Integer overflow in Mojo in Google Chrome prior to version 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of "after free" in Animation in Google Chrome before version 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 99.0.4844.51, using the "After Free" feature in the Cast UI in Google Chrome allowed a remote attacker who convinced a user to engage in certain user interactions to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 99.0.4844.51, using "After Free" in the Media section of Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Cast in Google Chrome before version 99.0.4844.51 allowed attackers to convince users to install a malicious extension and induce specific user interactions, thereby potentially exploiting heap corruption through a crafted Chrome Extension...
Astra Linux – Vulnerability in Chromium
In Mojo within Google Chrome, before version 99.0.4844.51, unauthorized memory access allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox URL bar via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS protections through a crafted HTML page. Chrome security severity: Medium...
Astra Linux – Vulnerability in Chromium
Before version 99.0.4844.51, using free after functions in MediaStream in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension...
Astra Linux – Vulnerability in Chromium
In WebXR in Google Chrome, out-of-bounds memory access before version 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...