181 matches found
SUSE-SU-2026:21208-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the SslBundle.getBundle function. When the spring.ssl.bundle property name is not empty configuration is silently changed to the default SSL configuration. Remediation Upgrade...
GHSA-WPC6-37G7-8Q4W OpenClaw: Shell init-file options could satisfy exec allowlist script matching
Summary Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even...
Always-Incorrect Control Flow Implementation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation via the onboarding process. An attacker can obtain gateway credentials by leveraging a scenario where a previously discovered endpoint persist...
OpenClaw gateway exec allow-always over-trusts positional carrier executables
Summary Allow-always persistence could trust wrapper carrier executables instead of the actual invoked target when commands were routed through dispatch wrappers. Impact A one-time approval could persist a broader future allowlist entry than the operator intended, weakening execution approval...
GHSA-P4X4-2R7F-WJXG OpenClaw gateway exec allow-always over-trusts positional carrier executables
Summary Allow-always persistence could trust wrapper carrier executables instead of the actual invoked target when commands were routed through dispatch wrappers. Impact A one-time approval could persist a broader future allowlist entry than the operator intended, weakening execution approval...
OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper
Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-...
GHSA-QM9X-V7CX-7RQ4 OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper
Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-...
EUVD-2026-15276
In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...
CVE-2026-23323
In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...
CVE-2026-23323 hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver
In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...
CVE-2026-32900
OpenClaw CVE-2026-32900 affects versions prior to 2026.2.22. The vulnerability is an authorization bypass in allowlist mode due to allow-always persistence at the wrapper level, enabling approval-bypass execution of different payloads. This allows attackers to approve benign wrapped system.run co...
Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6j27-pc5c-m8w8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistenc...
GHSA-PFV5-RPCW-X34X Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6j27-pc5c-m8w8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistenc...
CVE-2026-29607
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign...
CVE-2026-29607 OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign...
CVE-2026-29607 OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign...
CVE-2026-29607
OpenClaw vulnerability CVE-2026-29607 affects OpenClaw versions prior to 2026.2.22. The flaw is an authorization bypass in the allow-always wrapper persistence, letting an attacker bypass approval checks by persisting wrapper-level allowlist entries instead of validating the inner executable inte...
Cross-Scale Persistence Analysis of EM Side-Channels for Reference-Free Detection of Always-On Hardware Trojans
Always-on hardware Trojans pose a serious challenge to integrated circuit trust, as they remain active during normal operation and are difficult to detect in post-deployment settings without trusted golden references. This paper presents a reference-free detection framework based on cross-scale...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect state handling in nested execution paths involving the ICS20 precompile. An attacker can repeatedly utilize the same token balance within a single transaction by exploiting...