Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tipc: The process of creating a BC link has been moved back to tipcnodecreate. Shuang Li reported a NULL pointer dereference crash: - Bug: NULL pointer dereference in the kernel; address: 0000000000000068 - RIP: 0010:...

ROOT-APP-MAVEN-CVE-2025-8885 CVE-2025-8885 in io.root.org.bouncycastle:bc-fips - Patched by Root

Root has patched CVE-2025-8885 in the io.root.org.bouncycastle:bc-fips package for Root:Maven. Multiple fixed versions available...

Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...

MAL-2026-5153 Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +781 more potentially affected by CVE-2026-48523 via pyjwt (>=2.0.0 <=2.12.1)

pyjwt PYPI version =2.0.0, =0.5.3, =0.0.1a0, =1.1.1, =0.1.0, =0.1.1, =0.1.31, =0.1.0, =1.5.0, =0.1.0, =0.2.9, =0.5.0, =1.89.5, =1.420.4 and more Source cves: CVE-2026-48523 Source advisory: SNYK:PYTHON-PYJWT-17054902...

360solutions-bc-mcp (>=0.5.3 <=0.5.6), ariadne (>=0.17.0 <=0.17.1b1) +24 more potentially affected by CVE-2026-48710 via starlette (>=1.0.0 <=1.0.0rc1)

starlette PYPI version =1.0.0, =0.5.3, =0.17.0, =7.2.0, =0.21.0, =1.9.13, =0.8.1, =1.1.2, =0.8.1, =2.10.0, =0.0.1a25, =0.0.1a78 - pioarduino =6.1.19 and more Source cves: CVE-2026-48710 Source advisory: SNYK:PYTHON-STARLETTE-16881242...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Treat all calls as non-bcalls when bcserv is NULL. When a RDMA server returns a fault format reply, the NFS v3 client may treat it as a bcall when the bc service does not exist. The debug message from rpcrdmabcreceiveca...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Binder: Make sure that fd closes completely. During the processing of BCFREEBUFFER, the BINDERTYPEFDA object cleanup may close one or more fds. The close operations are completed using the task work mechanism—which means that the...

Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server

This High severity Covert timing channel vulnerability was introduced in version 4.9.0 of Crucible Server. Atlassian recommends that Crucible Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crucible Da...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Fixed out-of-range access to bc-domains. Out-of-range access to bc-domains in imx8mblkctrlremove has been fixed...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2026-31662

In the Linux kernel, the following vulnerability has been resolved: tipc: fix bcackers underflow on duplicate GRPACKMSG The GRPACKMSG handler in tipcgroupprotorcv currently decrements bcackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast...

EUVD-2026-22872

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 2.17.3 before 1.84...

SUSE CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

SUSE CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

CVE-2026-0636 LDAP Injection Vulnerability in LDAPStoreHelper.java

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...