Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: Fixed possible NULL dereferencing. In the call to mac80211hwsimselecttxlink, the sta pointer might be NULL. Therefore, it is necessary to check that it is not NULL before accessing it...

Astra Linux – Vulnerability in Firefox

When styling and rendering an oversized element, Firefox did not apply correct clipping, allowing an attacker to paint over the user interface. This vulnerability affects Firefox versions prior to 89...

Astra Linux - уязвимость в postgresql-11

An information leak was discovered in PostgreSQL versions prior to 13.2, before 12.6, and before 11.11. A user with UPDATE permission but without SELECT permission for a specific column could create queries that, under certain circumstances, might reveal values from that column in error messages...

Astra Linux - уязвимость в qemu

An “off-by-one” error was detected in the SCSI device emulation in QEMU. This error could occur during the processing of MODE SELECT commands in modesensepage, if the ‘page’ argument is set to MODEPAGEALLS 0x3f. A malicious guest could exploit this flaw to potentially cause QEMU to crash, resulti...

Astra Linux - уязвимость в mariadb-10.3

In MariaDB version 10.5.9, an application can crash due to certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations related to temporary data structures...

Astra Linux - уязвимость в ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there was a potential XSS vulnerability with certain configurations of Rails::Html::Sanitizer, due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer might allow an attacke...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in a out-of-bounds read in libusbudevselectinterface. This vulnerability has been fixed in version...

FreeBSD Security Advisory - FreeBSD-SA-26:22.libcasper

FreeBSD Security Advisory - libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024...

FreeBSD-SA-26:22.libcasper

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:22.libcasper Security Advisory The FreeBSD Project Topic: select2 file descriptor set overflow causes stack overflow Category: core Module: libcasper...

FreeBSD-SA-26:19.file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:19.file Security Advisory The FreeBSD Project Topic: Kernel use-after-free via file descriptor syscalls Category: core Module: file Announced: 2026-05-20...

FreeBSD -- select(2) file descriptor set overflow causes stack overflow

Problem Description: libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. Impact: An...

FreeBSD -- Kernel use-after-free via file descriptor syscalls

Problem Description: A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked...

freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface

A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...

firefox: thunderbird: Select list elements could be shown over another site

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks...

SAP HANA Deployment Infrastructure deploy library SQL注入漏洞

SAP HANA Deployment Infrastructure deploy library is a deployment support library developed by SAP, a German company, for the deployment and lifecycle management of SAP HANA applications. The SAP HANA Deployment Infrastructure deploy library contains a SQL injection vulnerability. This...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017779 advisory. A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because ...

JLSEC-2026-463 Mbed TLS timing side channel in RSA and CBC/ECB decryption

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

Prototype Pollution

Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution via the formatSelect function. An attacker can cause the application to crash and trigger a server error by supplying specially crafted...

NPM: mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

NPM: mcp-data-vis vulnerable to denial of service via unsanitized select key lookup on Object.prototype with precompile: true vulnerability discovered by ? in WordPress Npm icu-minify versions = 4.9.1...

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...