Astra Linux – Vulnerability in Chromium
Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in Dawn in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in PrivateAI in Google Chrome before version 147.0.7727.55 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in libexif
In libexif versions up to 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be exploited by attackers to cause programs that use libexif to crash or leak information...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in WebRTC in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Python 3.11
User-controlled header names and values containing newlines can allow for the injection of HTTP headers...
Astra Linux – Vulnerability in Chromium
Use after free in the Digital Credentials API in Google Chrome before version 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in Dawn in Google Chrome before version 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Chromium
Use after free in Media in Google Chrome before version 147.0.7727.55 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in WebGL in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebGL in Google Chrome prior to version 146.0.7680.165 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in glibc
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library’s DNS backend can lead to a situation where a zero-valued network is queried during operations in the GNU C Library versions 2.0 to 2.42. This could result in leaking stack contents to the configured...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebAudio in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.17, a network-attached attacker could send a crafted SNMP response to the CUPS SNMP backend, causing an out-of-bounds read of up to 176 bytes beyond the stack buffer. The leak...
Astra Linux – Vulnerability in Flatpak
Flatpak is a Linux application sandboxing and distribution framework. Prior to version 1.16.4, the caching mechanism for ld.so removed outdated cache files without properly checking whether the app’s control over the path to the outdated cache was valid within the cache directory. This allowed...
Astra Linux – Vulnerability in Chromium
Out-of-bounds operations in CSS in Google Chrome before version 146.0.7680.165 allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: AppArmor: fix differential encoding verification. Differential encoding allows loops to be created if it is abused. To prevent this, the unpacking process should verify that the diff-encode chain terminates. Unfortunately, t...
Astra Linux – Vulnerability in Firefox
DoS attack in the XML component. This vulnerability has been fixed in Firefox 149 and Thunderbird 149...
Astra Linux – Vulnerability in Chromium
Integer overflow in Codecs in Google Chrome prior to version 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in libexif
libexif through version 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function receives a 0 size as input, the passed-in buffer will be overwritten due to an integer underflow...
Astra Linux – Vulnerability in GIMP
GIMP XWD File Parsing: Out-of-Bounds Write Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The...
Astra Linux – Vulnerability in libssh
A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...
Astra Linux – Vulnerability in unbound
A vulnerability in caching resolvers called “Rebirthday Attack” has been discovered in resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., with the option --enable-subnet, and when configured to send ECS information along with queries to...
Astra Linux – Vulnerability in Chromium
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Use after free in Dawn in Google Chrome before version 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in util-linux
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability was identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
A use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 149.0.2 and...
Astra Linux – Vulnerability in sssd
A flaw was discovered in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Since the data is treated as a NUL-terminated C string without an explicit termination, this leads to a...
Astra Linux – Vulnerability in libsoup3
A flaw was discovered in libsoup’s SoupServer. A remote attacker could exploit a use-after-free vulnerability, where the soup_server_disconnect function releases connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Chromium
A stack buffer overflow in WebRTC in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Integer overflow in ANGLE in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Firefox and Thunderbird
JIT compilation errors, use-after-free in the JavaScript Engine: JIT components. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Avoid per-cpu hold underflow in aa_get_buffer. When aa_get_buffer retrieves data from the per-cpu list, it conditionally decreases cache-hold. If hold reaches 0 while count remains non-zero, the unsigned decrement wraps to...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: Do not dump the entire memory region. The current logic in cper_print_fw_err does not check whether the length of the error record is sufficient to handle the offset. In a faulty firmware, if the offset is greater than the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: EFI: Fix for reserving unaccepted memory tables. The reserve_unaccepted function incorrectly calculates the size of the memblock reserved for unaccepted memory tables. It aligns the size of the table, but fails to take into account...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: hfsplus: treating special inodes as regular files. Since the commit af153bb63a33 "vfs: catching invalid modes in may_open" requires that any inode be of one of the types S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/S_IFIFO/S_IFSOCK, use S_IFREG...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: auth_gss: Fixed memory leaks in XDR decoding error paths. The functions gssx_dec_ctx, gssx_dec_status, and gssx_dec_name allocate memory through gssx_dec_buffer, which calls kmemdup. When a subsequent decoding operation fails, the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fixed use-after-free of drm_crtc_commit after release. The atmel_hlcdc_plane_atomic_duplicate_state callback was copying the atmel_hlcdc_plane state structure without properly duplicating the drm_plane_state...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fixed potential OOB access in audio mixer handling. In the audio mixer handling code of the ctxfi driver, the conf field is used as a loop index, and it’s referenced in the index callback functions amixer_index and...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the WQ_MEM_RECLAIM warning. When sunrpc is used, if a reset occurs, our workqueue may result in the following call trace: workqueue: WQ_MEM_RECLAIM xprtiod: xprt_rdma_connect_worker rpcrdma is being flushed! WQ_MEM_RECLAIM...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Fixed a regulator resource leak caused by a failure in wm5102_clear_write_sequencer. The wm5102_clear_write_sequencer helper function may return an error and simply terminate, bypassing the cleanup sequence. This results ...
Astra Linux – Vulnerability in LCMS2
In Little CMS lcms2 version 2.18, there is an integer overflow in the CubeSize function in cmslut.c, as the overflow check is performed after the multiplication operation...