21 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e “PCI: designware-ep: Allow pci_epc_set_bar() to update the inbound map address”, set_bar() was modified to support dynamically changing the backing...
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
Astra Linux - vulnerability in firefox
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS using DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
Starlink DNS Rebinding
This Python script implements a DNS rebinding attack targeting Starlink infrastructure (CVE-2023-52235). Title: Starlink DNS Rebinding Exploit. Author: indoushka...
EUVD-2026-5439
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. ...
OESA-2025-2361 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
EUVD-2019-11415
Malware in sbrugna...
PT-2025-33540 · WordPress · Taxi Booking Manager For Woocommerce | E-Cab Plugin +1
Name of the Vulnerable Software and Affected Versions: E-cab plugin for WordPress versions prior to 1.3.1 Description: The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover. This is due to insufficient validation of a user...
FreeBSD : Mozilla -- CORS circumvention (58027367-685e-11f0-a12d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 58027367-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Thunderbird cached CORS preflight responses across IP address changes. Th...
SUSE CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1...
UBUNTU-CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
Mozilla Firefox ESR < 140.1
The version of Firefox ESR installed on the remote Windows host is prior to 140.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-59 advisory. - Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of...
CVE-2024-58006
CVE-2024-58006 : In the Linux kernel, the PCI Domain (dwc) endpoint driver could allow changing a BAR’s size/flags via pci_epc_set_bar() without clearing the previous BAR, if the new BAR config matches the old. This could cause the inbound address translation range to become smaller than the host...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a race condition between UDP socket address changes and rehashing...
Mattermost Server Information Disclosure Vulnerability (CNVD-2020-41486)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server that stems from the program not properly handling changes to email addresses. An attacker could exploit the vulnerability to compromise...
CVE-2019-14880
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise...
kernel: net: sctp: fix panic on duplicate ASCONF chunks
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system...
CVE-2011-2978
Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote...