OpenC3 COSMOS SQL注入漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. In versions 6.7.0 to 7.0.0-rc3 of OpenC3 COSMOS, there was a SQL injection vulnerability. This vulnerability stemmed from the tsdblookup function in the Time-Series Database component, which directly accepted user input without prop...

ALSA-2026:13537 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

Astra Linux – Vulnerability in SQLite3

A flaw was discovered in SQLite’s SELECT query functionality src/select.c. This flaw allows an attacker who is capable of executing SQL queries locally on the SQLite database to cause a denial of service or potentially lead to code execution by triggering a use-after-free. The most significant...

Astra Linux – Vulnerability in Firefox

Potential race conditions in IndexedDB could have caused memory corruption, resulting in a potentially exploitable crash. This vulnerability affects Firefox 132 and Thunderbird 132...

Astra Linux – Vulnerability in pgpool2

In Pgpool-II, there is a risk of exposing sensitive information due to incompatible policy issues. If a database user accesses the query cache, unauthorized table data may be retrieved for that user...

Astra Linux – Vulnerability in Rails

There is a potential escalation to an RCE vulnerability when using YAML serialized columns in Active Record versions 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1. This could allow an attacker, who can manipulate data in the database through methods like SQL injection, to escalate the attack to an RCE...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/jfs: Added a validity check for dbmaxag and dbagpref. Both dbmaxag and dbagpref are used as indexes for the dbagfree array. However, there is currently no validation for these values, which can lead to errors. The following...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, and VLAN entries after unbinding. As explained in many places, such as commit b117e1e8a86d “net: dsa: delete dsalegacyfdbadd and dsalegacyfdbdel”, DSA is written under the assumption that higher layer...

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, ther...

Astra Linux – Vulnerability in rpm

A flaw was discovered in the RPM package’s read functionality. This flaw allows an attacker to persuade a victim to install a seemingly verifiable package, or to compromise an RPM repository, thereby causing corruption of the RPM database. The most significant threat posed by this vulnerability i...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Maps shared memory as WC, not WB. Linux does not write to the cmd-db region. This memory region is protected from writing by XPU. XPU may sometimes incorrectly detect a clean cache eviction as a “write” to the...

Astra Linux – Vulnerability in rpm

A flaw was discovered in RPM’shdrblobInit function in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The greatest threat from this vulnerability is to system availability...

Astra Linux – Vulnerability in h2database

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes the class name of the driver and the URL of the database as parameters. An attacker may pass in a JNDI driver name and a URL that points to an LDAP or RMI server, allowing for remote code execution. This vulnerability can be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: added a check to prevent array-index-out-of-bounds in dbAdjTree. When the value of lp is 0 at the beginning of the for loop, it will become negative during the next assignment, and we should take appropriate measures to avoi...

Astra Linux – Vulnerability in SQLite3

In SQLite, from version 3.30.1 onwards, alter.c allows attackers to trigger infinite recursion through certain types of self-referential views in conjunction with ALTER TABLE statements...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, the generation of the list of MDB events to replay competed with the creation of new group memberhips, either through the IGMP/MLD snoopin...

Astra Linux – Vulnerability in exim4

Exim dnsdb Out-of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as 1. Can be reproduced using 2. Suppress these reports by...

Astra Linux – Vulnerability in SQLite3

In SQLite 3.49.0 before 3.49.1, certain argument values passed to sqlite3dbconfig in the C-language API can cause a denial of service application crash. A sznBig multiplication is not cast to a 64-bit integer, which can lead to incorrect memory allocations...