47432 matches found
CVE-2026-44392
Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: - svcrdma: The use of rc_pageoff for the byte offset in memcpy was corrected. - svc_rdma_copy_inline_range: The page index rc_curpage was added to the page base instead of the byte offset rc_pageoff. Use rc_pageoff to ensure that copi...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: zoned: skip splitting and logical rewriting during pre-alloc write operations. During relocation, there is a possibility that at the time of btrfs_reloc_clone_csums(), there may be no checksum for the corresponding regio...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fixed atomic context locking issue. The ncm_set_alt function was holding a mutex to prevent race conditions with configfs. This function invokes the might_sleep function within an atomic context. The struct pointer...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed recursive locking in RPC handle list access. Since commit 305853cce3794 ("ksmbd: Fixed race condition in RPC handle list access"), the ksmbd_session_rpc_method function attempts to lock sess->rpc_lock. This causes hung...
Astra Linux - vulnerability in firefox
In certain cases, JIT incorrectly optimized MSubstr operations, resulting in out-of-bounds reads. This vulnerability affects Firefox versions less than 125...
Astra Linux - vulnerability in bison
GNU Bison before version 3.5.4 allowed attackers to cause a denial of service (application crash). NOTE: There is only a risk if Bison is used with untrusted inputs, and a reported bug could lead to unsafe behavior with a specific compiler/architecture. The bug reports were intended to indicate tha...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Omnibox in Google Chrome prior to version 99.0.4844.51 allowed an attacker with privileged network access to perform a man-in-the-middle attack through malicious network traffic. Chromium security severity: Low...
Astra Linux - vulnerability in apache-log4j2
Improper validation of certificates with host mismatches in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack, thereby leaking any log messages sent through that appender. This issue has been fixed in Apache Log4j 2.12.3 and 2.13....
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix for double invocation of the request function. If a netfs request completes during the pause loop, the reference belonging to the INPROGRESS flag will be removed at that point. However, if the request proceeds to the...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem, swap: fixed the soft lockup issue with mTHP swapin. The following soft lockup can be easily reproduced on my test machine using the following command: echo always...
Astra Linux - vulnerability in firefox, thunderbird
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB version 10.5.9 allows an application crash in the find_field_in_tables and find_order_in_list functions due to an unused common table expression (CTE)...
Astra Linux - vulnerability in chromium
Use after free in Sign-in in Google Chrome before version 97.0.4692.71 allowed a remote attacker who convinced a user to perform certain user gestures to potentially exploit heap corruption through those gestures...
Astra Linux - vulnerability in chromium
Use after free in the Ozone browser extension in Google Chrome before version 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption by running a Wayland test...
Astra Linux - vulnerability in linux, linux-5.10
There is a bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space...
Astra Linux - vulnerability in chromium
Use after free in the Sign-In Flow in Google Chrome before version 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in chromium
Use after free in the Sign-In Flow in Google Chrome before version 105.0.5195.52 allowed a remote attacker who convinced a user to engage in certain UI interactions to potentially exploit heap corruption through crafted UI interactions...
Astra Linux - vulnerability in thunderbird
If a Thunderbird user responded to a crafted HTML email containing a meta tag, where the meta tag had the http-equiv="refresh" attribute, and the content attribute specified a URL, then Thunderbird would initiate a network request to that URL, regardless of any configuration settings that block...