14934 matches found
Medium: libgcrypt
Issue Overview: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989 Affected Packages: libgcrypt Issue Correction: Run dnf update libgcrypt --releasever 2023.11.20260514 or dnf update --advisory...
Medium: perl-Text-CSV_XS
Issue Overview: CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. CVE-2026-7111 Affected Packages: perl-Text-CSVXS Issue Correction: Run dnf update perl-Text-CSVXS --releasever...
Medium: curl
Issue Overview: When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Affected Packages: curl Issue Correction: Run dnf update curl --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1699...
Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2026-279)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-279 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-122 (ALASKERNEL-5.4-2026-122)
The version of kernel installed on the remote host is prior to 5.4.302-224.471. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-122 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-119 (ALASKERNEL-5.10-2026-119)
The version of kernel installed on the remote host is prior to 5.10.253-252.1016. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-119 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3307 (ALAS-2026-3307)
The version of kernel installed on the remote host is prior to 4.14.355-282.729. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3307 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...
Amazon Linux 2023 : cuda-toolkit (ALAS2023NVIDIA-2026-278)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-278 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...
Important: python-pip
Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-44308
Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...
Using Bedrock with Claude Code? Your AWS Credentials Are Shared With Every Subprocess
Many developers today are using Claude Code, with a growing portion running it through Amazon Bedrock. For enterprise teams, Bedrock offers major advantages: keeping data inside a VPC, leveraging AWS credits, and integrating with existing IAM controls, monitoring, and security policies. Bedrock...
CVE-2026-44308
Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...
ai.starlake:spark-redshift_2.13 (>=6.5.0 <=6.5.1), ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15) +87 more potentially affected by CVE-2026-8178 via com.amazon.redshift:redshift-jdbc42 (>=2.0.0.3 <=2.2.1)
com.amazon.redshift:redshift-jdbc42 MAVEN version =2.0.0.3, =6.5.0, =1.5.8, =2025.34.3, =0.293, =0.293, =5.0.0, =5.1.0, =1.3.0, =1.19.1891, =0.1.15-alpha, =0.1.15-alpha, =0.1.15-alpha, =3.2.171, =6.0.0-spark3.3, =6.6.0-spark3.5 and more Source cves: CVE-2026-8178 Source advisory:...
Important: rclone
Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in versio...
Important: thunderbird
Issue Overview: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. CVE-2026-7321 Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and...