6527 matches found
GHSA-QM9X-V7CX-7RQ4 OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper
Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-...
GHSA-WQ58-2PVG-5H4F OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers
Summary Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 - Latest released tag checked:...
GHSA-6MQC-JQH6-X8FC OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Summary Before v2026.3.23, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because authorizeCanvasRequest... treated isLocalDirectRequest... as an unconditional allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 -...
OpenClaw: Plivo V2 verified replay identity drifts on query-only variants
Summary Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...
Fedora 44 : libopenmpt (2026-b58c5b3cc0)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58c5b3cc0 advisory. Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/ ---- Potentia...
FreeBSD-SA-26:09.pf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:09.pf Security Advisory The FreeBSD Project Topic: pf silently ignores certain rules Category: core Module: pf Announced: 2026-03-25 Credits: Michael Gmelin...
CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
FreeBSD -- pf silently ignores certain rules
Problem Description: A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed...
SUSE-SU-2026:0976-1 Security update for go1.26-openssl
This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...
Fedora 42 : scitokens-cpp (2026-a6d1791c49)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a6d1791c49 advisory. - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded...
Fedora 44 : scitokens-cpp (2026-176625c3fc)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-176625c3fc advisory. - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded...
Fedora 43 : scitokens-cpp (2026-52c99ecf64)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-52c99ecf64 advisory. - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded...
[SECURITY] [DLA 4504-1] libvirt security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4504-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 20, 2026 https://wiki.debian.org/LTS -...
USN-8105-2: FreeRDP regression
USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...
USN-8105-2 freerdp3 regression
USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...
USN-8103-2: Exiv2 regression
USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...
USN-8103-2 exiv2 regression
USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...
USN-8102-2: snapd regression
USN-8102-1 fixed a vulnerability in snapd. The update caused a regresision for Ubuntu 24.04 LTS while installing the package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that snapd incorrectly handled certain operations in the...
USN-8102-2 snapd regression
USN-8102-1 fixed a vulnerability in snapd. The update caused a regresision for Ubuntu 24.04 LTS while installing the package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that snapd incorrectly handled certain operations in the...
USN-8087-2: python-cryptography regression
USN-8087-1 fixed a vulnerability in python-cryptography. The update caused a regression when using ECC algorithms with certain software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-cryptography incorrectly handled...