
52 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

CVSS 5.5 | AI score 6.3 | EPSS 0.00015
Exploits 0 | References 2
Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24611

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

CVSS 9.1 | AI score 5.7 | EPSS 0.46101
Exploits 2 | References 45
UbuntuCve
added 2026/01/16 11:15 p.m. | 2 views

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVSS 8.6 | AI score 5.9 | EPSS 0.0003
Exploits 0 | References 3
CNNVD
added 2026/01/15 12:0 a.m. | 1 views

Istio parameter injection vulnerability

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.2 have a parameter injection vulnerability. This vulnerability stems from the ability to inject iptables rules through annotations, thereby changing the firewall’s behavior...

AI score 5.8 | EPSS 0.00036
Exploits 0 | References 2
EUVD
added 2025/12/24 3:30 p.m. | 1 views

EUVD-2025-205215

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF on kernel BO VA nodes If the MMU is down, panthor_vm_unmap_range might return an error. We expect the page table to be updated still, and if the MMU is blocked, the rest of the GPU should be blocked too, so no...

AI score 6.1 | EPSS 0.00028
Exploits 0 | References 5
Tenable Nessus
added 2025/11/07 12:0 a.m. | 1 views

Fedora 43 : mupen64plus (2025-123e2abe71)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-123e2abe71 advisory. Patch CVE-2025-29366 and CVE-2025-29366 There should be no change in behaviour. Tenable has extracted the preceding description block directly from the Fedor...

CVSS 9.8 | AI score 5.5 | EPSS 0.00137
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-50908

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.00451
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-10377

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 7.2 | EPSS 0.00651
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-52808

Malicious code in bioql PyPI...

CVSS 2.4 | AI score 4.5 | EPSS 0.00075
Exploits 0 | References 1
ICS
added 2025/08/12 12:0 a.m. | 2 views

Siemens BFCClient

SUMMARY Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to...

AI score 8.9
Exploits 0 | References 10
OSV
added 2025/07/01 11:27 a.m. | 0 views

SUSE-RU-2025:20460-1 Recommended update for gpg2

This update for gpg2 fixes the following issues: This reverts the CVE-2025-30258 fix, as it changed behaviour when using expired keys...

CVSS 4.7 | AI score 5.8 | EPSS 0.00052
Exploits 1 | References 4
Packet Storm
added 2025/01/30 12:0 a.m. | 351 views

Google Rejection Page Text Injection

Google's unusual traffic activity page appears to allow for text injection but cross site scripting is mitigated. The page https://www.google.com/sorry/index is familiar to Tor and VPN users. It is the one that says "Our systems have detected unusual traffic from your computer network. Please try...

AI score 7
Exploits 0
RedHat Linux
added 2024/09/11 1:10 a.m. | 2 views

kernel: mm: cachestat: fix folio read-after-free in cache walk

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to...

CVSS 7.1 | AI score 6.8 | EPSS 0.00018
Exploits 0 | References 5
Github Security Blog
added 2024/07/17 3:52 p.m. | 13 views

dbt has an implicit override for built-in materializations from installed packages

Impact What kind of vulnerability is it? Who is impacted? When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...

CVSS 7.8 | AI score 6.6 | EPSS 0.00124
Exploits 1 | References 11 | Affected Software 1
OSV
added 2024/06/18 9:15 p.m. | 0 views

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

CVSS 3.7 | AI score 4.5 | EPSS 0.00241
Exploits 1 | References 4
SUSE CVE
added 2024/06/04 1:0 p.m. | 2 views

SUSE CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency's Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

CVSS 7.4 | AI score 7.2 | EPSS 0.46101
Exploits 2 | References 7
Citrix
added 2024/05/10 12:0 a.m. | 3 views

Policy data may be lost when a CVAD site is upgraded from an older version to 2311 or 2402

Citrix group policies may fail to appear in Studio post upgrade to CVAD Versions 2311 or 2402, and on Citrix DaaS. VDAs that expect the missing policies to be applied may behave differently...

AI score 7
Exploits 0
OSV
added 2024/04/01 11:15 a.m. | 0 views

CVE-2023-6154

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

CVSS 7.8 | AI score 5.8
Exploits 0 | References 1
Vulnrichment
added 2024/02/27 6:40 p.m. | 21 views

CVE-2021-46945 ext4: always panic when errors=panic is specified

In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 "ext4: make ext4abort use ext4error", the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2. mount /dev/sd...

AI score 7.2 | EPSS 0.00018
Exploits 0 | References 3
UbuntuCve
added 2023/08/23 7:15 a.m. | 46 views

CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

CVSS 7.5 | AI score 7.1 | EPSS 0.00334
Exploits 0 | References 4