29534 matches found
MindsDB has an Improper Access Control Issue
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...
CVE-2026-7711
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...
ALSA-2026:13537 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...
MindsDB 访问控制错误漏洞
MindsDB is a joint query engine developed by MindsDB Corporation, designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a access control vulnerability. This vulnerability stemmed fro...
RHEL 8 : thunderbird (RHSA-2026:13537)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:13537 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...
DIE-engine 安全漏洞
DIE-engine is a file type detection and reverse analysis tool developed by Hors’ individual developer. Versions of DIE-engine prior to 3.21 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks, allowing attackers to write arbitrary files into the file...
Astra Linux – Vulnerability in Firefox
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability has been fixed in Firefox 145 and Thunderbird 145...
Astra Linux - уязвимость в chromium
Accessing the V8 engine in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of "after free" in Blink in Google Chrome before version 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 93.0.4577.82, using V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat the remaining value being equal to 0 as an error in findandmapuserpages. Currently, if findandmapuserpages receives a DMA transfer request from the user with a length field set to 0, or in a rare case, when the...
Astra Linux – Vulnerability in Chromium
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: Unregisters the ECC engine upon probe error and device removal. The on-host hardware ECC engine remains registered both when the spiregistercontroller function returns an error, and also upon device removal...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: idxd: Fixed device leaks during the compat bind and unbind operations. Make sure to remove the references to the idxd device when using the compat bind and unbind sysfs interfaces...
Astra Linux – Vulnerability in Firefox and Thunderbird
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
Astra Linux - уязвимость в chromium
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
“Type Confusion in V8 in Google Chrome” before version 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...