firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/ivpu: Fixed a page fault in ivpubounbindallbosfromcontext...

Astra Linux - уязвимость в mariadb-10.3

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential double-free of the bit17 bitmask. A userspace environment where multiple threads compete to set the tiling to I915TILINGNONE could lead to a double-free of the bit17 bitmask. Or, conversely, memory...

Astra Linux - уязвимость в chromium

The object lifecycle issue in V8 of Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10, linux

It was discovered that an NFT object or expression could reference a NFT set located in a different NFT table, resulting in a use-after-free once that table was deleted...

Astra Linux - уязвимость в ceph

A flaw was discovered in Ceph, related to URL processing on RGW backends. An attacker can exploit this issue by providing a null URL, causing the RGW to crash and resulting in a denial of service...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed another slab-out-of-bounds issue in fib6nhflushexceptions While running the self-tests on a KASAN-enabled kernel, I observed a slab-out-of-bounds issue that was very similar to the one reported in commit 821bbf79fe46...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fixed the error path in panfrostmmumapfaultaddr Subject: PATCH drm/panfrost: Fixed the error path in panfrostmmumapfaultaddr If some of the page allocations fail, we should not release the previous references to tho...

Astra Linux - уязвимость в node-json-schema

JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...

Astra Linux – Vulnerability in Firefox and Thunderbird

The texture upload of a Pixel Buffer Object could have caused WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR 78.9, Firefox 87, and Thunderbird 78.9...

Astra Linux - уязвимость в chromium

Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: If the queue update fails, do not reserve bo. The error handling path should unreserve bo and then return a failure message. Selected from the commit c24afed7de9ecce341825d8ab55a43a254348b33...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cachefiles: The issue of incorrect dentry refcount in cachefilescull has been fixed. The patch mentioned below changed cachefilesburyobject to expect 2 references to the ‘rep’ dentry. Three of the caller functions were changed to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential overflow of the shmem scatterlist length. When a scatterlists table of a GEM shmem object with a size of 4 GB or more is populated with pages allocated from the folio format, the .length attribute of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Holding the reservation lock around madvise The issue involves acquiring and releasing the reservation lock related to the GEM object during operations like madvide. The tests use drmgemshmemmadviselocked, which...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed a reference leak in amdgpuuserqwaitioctl. Also, removed the reference to syncobj and timeline fence when aborting the ioctl, as it caused issues due to the output array being too small. This issue was...

Astra Linux - уязвимость в binutils

A issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. The simpleobjectelfmatch function in simple-object-elf.c does not check for a zero value of shstrndx, resulting in an integer overflow and a heap-based buffer overflow...