427 matches found
MINI-6HGC-W8XJ-89P5
Bulletin has no description...
MINI-FVC4-HF5H-38H3
Bulletin has no description...
MINI-P97X-PR5W-R5FC
Bulletin has no description...
CLSA-2026-1778267481 Update of kernel-uek
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags...
RHSA-2026:14216 Red Hat Security Advisory: corosync security update
Bulletin has no description...
CLSA-2026-1778020035 openssl: Fix of CVE-2026-28388
CVE-2026-28388: fix NULL pointer dereference in check_delta_base when delta CRL lacks CRL Number extension...
CVE-2026-7689 Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification
A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...
CVE-2026-7689
Dolibarr ERP/CRM (up to 23.0.2) is affected by a vulnerability in the Online Signature Module versioning, where dol_verifyHash in htdocs/core/lib/security.lib.php mishandles cryptographic signature verification. This allows a remote attacker to potentially leverage a flawed signature check; explo...
ECHO-5A69-95EC-C529
Bulletin has no description...
Malicious code in apple-internal-security-library-v99 (npm)
Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview apple-internal-security-library-v99 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...
Improper Authentication
org.springframework.security:spring-security-oauth2-jose is vulnerable to Improper Authentication. The vulnerability is due to missing configuration of a JWT validator when using NimbusJwtDecoder or NimbusReactiveJwtDecoder, which allows an attacker to bypass token validation with crafted JWTs...
UBUNTU-CVE-2026-42009
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...
firefox security update
140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.10.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.10.0-1 - Update to 140.10.0 ESR...
UBUNTU-CVE-2026-41677
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...
BIT-PYTHON-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
http.cookies.Morsel.js_output() returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...
UBUNTU-CVE-2026-31567
In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_ON from pm_restore_gfp_mask Commit 35e4a69b2003f "PM: sleep: Allow pm_restrict_gfp_mask stacking" introduced refcount-based GFP mask management that warns when pm_restore_gfp_mask is called with saved_gfp_count ...
RHSA-2026:8322 Red Hat Security Advisory: rhc security update
Bulletin has no description...
thunderbird security update
140.9.1-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.9.1 - Add OpenELA debranding 140.9.1-1 - Update to 140.9.1 ESR...
LDAP Injection
Overview org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP searc...