Gmission Web Fax 输入验证错误漏洞

Gmission Web Fax is a network fax management system developed by the South Korean company Gmission. In versions 3.0 to 3.1 of Gmission Web Fax, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper input validation and unrestricted uploading of...

MAL-2026-4624 Malicious code in nw-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: s32cc: fixed uninitialized memory in s32pinctrldesc s32pinctrldesc is allocated using devmkmalloc, but not all of its fields are initialized. Notably, numcustomparams is used in pinconfgenericparsedtconfig, resulting ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the incorrect setting of maxcorrreaderrors. There is no input validation when using the echo md/maxreaderrors command, and an overflow might occur. Add validation for the input number...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Propagating directory read errors from nilfsfindentry. Syzbot reported that a task hang occurs in vcsopen during a fuzzing test for nilfs2. The root cause of this problem is that in nilfsfindentry, which searches for...

Astra Linux - уязвимость в symfony

Symfony is a PHP framework for web and console applications, along with a set of reusable PHP components. The ability to enumerate users was possible without requiring relevant permissions, as the handling differed depending on whether the user existed or not when trying to use the “switch users”...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference to usbgetdev is not released during the gpiompsseprobe error paths. This issue was fixed by using device-managed helper functions. Additionally, the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: For clk: imx: clk-imx8mp, the error handling in imx8mpclocksprobe has been improved. ofiomap and kzalloc have been replaced with devmofiomap and devmkzalloc. This allows for automatic release of the associated memory when the...

Astra Linux - уязвимость в curl

When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when sent back to an HTTP server later, may cause the server to return 400 responses. This effectively allows a “sister site” to deny service to all other sibling sites...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed error handling for TX CQE messages. For an unknown type of TX CQE error likely due to newer hardware, still free the SKB, update the queue tail, etc. Otherwise, the accounting data will be incorrect...

Astra Linux - уязвимость в linux, linux-5.10

A flaw in the processing of received ICMP errors such as ICMP fragments and ICMP redirections within the Linux kernel’s functionality was identified. This flaw allows an off-path remote user to quickly scan open UDP ports. This vulnerability enables a remote user to bypass the UDP source port...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: serial: liteuart: fix minor-number leak on probe errors Be sure to release the allocated minor number before returning on probe errors...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: aqc111: Fixed error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. Th...

Astra Linux - уязвимость в firefox, thunderbird

The error page for sites with invalid TLS certificates lacked the activation-delay feature provided by Firefox to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page triggered user clicks at specific locations immediately before...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: udplite: Fixed null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the referenced commit, udplibinitsock may fail, as may udpinitsock and udpv6initsock. We need to handle th...

firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...

SUSE CVE-2026-8959

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021583)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021583 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SBRDONLY after filesystem errors When the filesystem is mounted with...

RHEL 8 : thunderbird (RHSA-2026:19467)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19467 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...

Malicious code in @dknzo/soonex-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 637d9821dd6061c21dfa483bdefec73cd6ddeb8ba6e1d9bd9653784de514e9b5 The package advertises itself as 'Internal core lifecycle utilities for Baileys socket connection' but its sole exported function...