8276 matches found
Astra Linux - уязвимость в opensc
A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: phonet: fixed the rtmphonetnotify function’s skb allocation. The fillroute function stores three components in the skb: - struct rtmsg - RTADST u8 - RTAOIF u32 Therefore, rtmphonetnotify should use: NLMSGALIGNsizeofstruct rtmsg...
Astra Linux - уязвимость в chromium
The double-free operation in the ICU of Google Chrome before version 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed a slab-out-of-bounds issue in sesintfremove. A fix for the issue is as follows: BUG: KASAN: A slab-out-of-bounds condition occurred in sesintfremove+0x23f/0x270 ses. The size of the read operation was 8 bytes at...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Handling jset if a & b ... as a jump in CFG computation. BPFJSET is a conditional jump, and currently, verifier.c:canjump does not take this into account. This can lead to incorrect live registers and SCC Set of...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
Malicious code in @rocketreach/rr-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1c16148ad4c13ad5d5cbfe951d9ca934a0912ab5ad75c3b4afee19be86172fa On npm install, both preinstall and postinstall lifecycle hooks execute postinstall.js, which collects host identifiers hostname, platform, arch, OS...
RLSA-2026:19201 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine compone...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
Security Bulletin: Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
Summary A path traversal vulnerability exists in multiple Langflow OSS file processing components Docling, Docling Serve, Read File, NVIDIA Retriever Extraction, Video File, and Unstructured API that are based on BaseFileComponent. The vulnerability in the unpackbundle function allows attackers t...
CLSA-2026-1779204531 gdk-pixbuf2: Fix of CVE-2026-5201
CVE-2026-5201: fix heap buffer overflow due to unvalidated JPEG color component count in gdkpixbufjpegimageload...
CLSA-2026-1779204267 gdk-pixbuf2: Fix of CVE-2026-5201
CVE-2026-5201: fix heap buffer overflow due to unvalidated JPEG color component count in gdkpixbufjpegimageload...
Security Bulletin: IBM Controller is affected by vulnerabilities
Summary There are vulnerabilities in Open-Source Software OSS components used by IBM Controller. Additionally, IBM Controller is vulnerable to cross site scripting XSS and server-side request forgery SSRF vulnerabilities. Please refer to the table in the Related Information section for...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-React2Shell xpl0ited by infrar3dhttps://git...
@antv/graphin-graphscope (>=0.0.1 <=1.0.5), @graph-analysis/grapher-2d (>=0.0.1 <=0.0.2-beta.11) +22 more potentially affected by unknown CVE via @antv/graphin-components (>=2.0.0-beta.1 <=2.4.1)
@antv/graphin-components NPM version =2.0.0-beta.1, =0.0.1, =0.0.1, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.10.5, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4023...