Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-118 (ALASDOCKER-2026-118)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-118 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in Oracle Java SE Component: Compiler. The supported versions affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. This vulnerability is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to compromise...

BIT-JAVA-2025-30691

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

PT-2026-37830

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

Important: containerd

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Amazon Linux 2023 : docker (ALAS2023-2026-1615)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1615 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

EUVD-2026-16319

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially crafted Zen C sour...

Zen C 缓冲区错误漏洞

Zen C is a modern system programming language developed by z-libs. Versions of Zen C prior to 0.4.4 contained a buffer error vulnerability. This vulnerability stemmed from a stack-based buffer overflow in the compiler, which could lead to compiler crashes or the execution of arbitrary code...

Zen C 操作系统命令注入漏洞

Zen C is a modern system programming language developed by z-libs. Versions of Zen C prior to 0.4.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the compiler’s main application logic, where the system function was used to execute...

ca.dataedu:savro_2.12 (>=0.9.1 <=0.12.1), ca.dataedu:savro_2.13 (>=0.9.1 <=0.12.1) +94 more potentially affected by CVE-2025-33042 via org.apache.avro:avro-compiler (>=1.10.0 <=1.11.4)

org.apache.avro:avro-compiler MAVEN version =1.10.0, =0.9.1, =0.9.1, =1.0.0, =1.0.0, =0.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.4.3, =3.4.4 - com.github.thake.avro4k:avro4k-maven-plugin =0.5.0 and more Source cves: CVE-2025-33042 Source advisory: SNYK:JAVA-ORGAPACHEAVRO-15282783...

CVE-2025-13669

Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3...

CVE-2025-13670 High Level Synthesis Compiler Security Advisory

The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability...

CVE-2025-13670

Technical details (affected version, root cause, exploitability, and fixes) are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVE-2025-50360

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file.pr could lead to arbitrary code execution or Denial of Service...

EUVD-2017-18702

Malware in sbrugna...

EUVD-2021-22720

Malware in sbrugna...

EUVD-2003-0479

Malware in sbrugna...

EUVD-2017-18709

Malware in sbrugna...

EUVD-2025-11058

Malicious code in bioql PyPI...