Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed. When the driver is removed it assumes that the workqueue was...

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates the supplementary group permissions, they may be abl...

Astra Linux - уязвимость в chromium

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset the UDMACHANRT byte counters to prevent overflow. The UDMACHANRTBCNTREG registers store real-time channel byte count statistics. These registers are 32-bit hardware counters, and the driver uses them...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the ansible-connection module of Ansible Engine, where sensitive information such as Ansible user credentials is disclosed by default in the traceback error message. The greatest threat posed by this vulnerability is related to confidentiality...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine 2.9.18, where sensitive information is not masked by default, and the nolog feature is not protected when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The greatest threat posed by this...

CVE-2026-7711 MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711 MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711

Summary: CVE-2026-7711 affects MindsDB Engine up to 26.01, specifically the function exec in mindsdb/integrations/handlers/byom_handler/proc_wrapper.py. The underlying issue enables remote manipulation via the exec path that could allow unrestricted upload. Public exploit code is noted, and the a...

AlmaLinux 10 : thunderbird (ALSA-2026:12285)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:12285 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScri...

PT-2026-36728

Name of the Vulnerable Software and Affected Versions MindsDB versions prior to 26.01 Description A weakness in the Engine Handler component allows for unrestricted file upload. This issue occurs within the exec function located in the mindsdb/integrations/handlers/byom handler/proc wrapper.py fi...

RHEL 10 : thunderbird (RHSA-2026:12285)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:12285 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2026:1649-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1649-1 advisory. This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0...

OPENSUSE-SU-2026:20664-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.10.0 ESR Newly translated strings were not available in Thunderbird MFSA 2026-34 bsc1262230 CVE-2026-6746 Use-after-free in the DOM: Core & HTML component CVE-2026-6747...

CVE-2026-31783

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback amlsfcprobe registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...

CVE-2026-31783 spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback amlsfcprobe registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...

CVE-2026-31783

The CVE-2026-31783 entry refers to a Linux kernel issue in spi: amlogic: spifc-a4 where the on-host NAND ECC engine teardown was missing in probe unwind and remove-time cleanup. The fix adds a devm cleanup action so nand_ecc_unregister_on_host_hw_engine() runs automatically on probe failures and ...

CVE-2026-31783

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback amlsfcprobe registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...

Chromium: CVE-2026-7337 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...