3652 matches found
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...
GHSA-CHQV-56WV-7564 Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...
CVE-2026-45898
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing worklist The commit e1168f0 "RDMA/iwcm: Simplify cmeventhandler" changed the work submission logic to unconditionally call queuework with the expectation that queuework would...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
Malicious Package
Overview vite-plugin-env-compat-plus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
CVE-2026-43620
A flaw was found in rsync. A malicious rsync server can exploit an out-of-bounds read vulnerability in the recvfiles function. By manipulating compatibility flags and transfer records, the server can cause a connecting client to attempt to read memory outside of allocated bounds. This can lead to...
OPENSUSE-SU-2026:20788-1 Security update for mcphost
This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPUBIGENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM’s integrated assembler would incorrectly byte-swap NOPs when compiling for big-endian, and the resulting bytes happened to match the...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESRELx for a bad syscall If a compat process tries to execute an unknown system call above the ARMNRCOMPATEND number, the kernel sends a SIGILL signal to the offending process...
ALPINE-CVE-2026-43620
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...