Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.318 Vulnerability Details CVEID:CVE-2020-25576 DESCRIPTION: An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slice...

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the SSE event server being bound to 0.0.0.0:5553 by default, which could allow unauthorized network access...

Silicon Simplicity SDK 安全漏洞

The Silicon Simplicity SDK is an embedded software development platform provided by Silicon Corporation. It is used to build IoT products based on our 2-series and upcoming 3-series wireless and MCU devices. The Silicon Simplicity SDK has a security vulnerability. Attackers can compromise the...

MAL-2026-4596 Malicious code in koishi-plugin-yuan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533 koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50280)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50280 advisory. - ptrace: slightly saner 'getdumpable' logic Linus Torvalds Orabug: 39391447 CVE-2026-46333 - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache Jeff...

GHSA-VJ64-RJF3-W3V7 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Impact - Key: challenger/src/multifieldchallenger.rs | MultiField32Challenger::duplexing | transcriptmalleability - Affected files: challenger/src/multifieldchallenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed fiel...

Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Impact - Key: challenger/src/multifieldchallenger.rs | MultiField32Challenger::duplexing | transcriptmalleability - Affected files: challenger/src/multifieldchallenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed fiel...

PT-2026-42645

Impact - Key: challenger/src/multi field challenger.rs | MultiField32Challenger::duplexing | transcript malleability - Affected files: challenger/src/multi field challenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed...

PT-2026-42695

Name of the Vulnerable Software and Affected Versions Plonky3 versions prior to 0.4.3 Plonky3 versions prior to 0.5.3 Description An attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This...

GO-2026-4967 NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...

Malicious code in @rspack-debug/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c05c92aa1796614da12b282390f160fef2a5c63aba9a3257af956c19df341ce5 Package @rspack-debug/[email protected] impersonates the popular @rspack/core bundler. The README, description 'Fast Rust-based bundler for the web with a...

MAL-2026-4428 Malicious code in @rspack-debug/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c05c92aa1796614da12b282390f160fef2a5c63aba9a3257af956c19df341ce5 Package @rspack-debug/[email protected] impersonates the popular @rspack/core bundler. The README, description 'Fast Rust-based bundler for the web with a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: Validate the MTU against the usable frame size when binding. The AFXDP binding currently accepts zero-copy pool configurations without verifying that the device’s MTU fits within the usable frame space provided by the UMEM...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fixed the issue of double module refcount decrementation. Once the discipline is associated with the device, deleting the device will cause the module’s refcount to be decreased. Performing this operation manually alon...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Fixed the issue where the sevreceivestart command failed due to the absence of the decommission step. The current SEV context must be discontinued if binding an ASID fails after a receivestart. According to AMD’s SEV AP...

Astra Linux - уязвимость в slapi-nis

A flaw was discovered in slapi-nis in versions prior to 0.56.7. A NULL pointer dereferencing during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The greatest threat from this vulnerability is to system availability...

Astra Linux - уязвимость в 389-ds-base

When binding against a DN during authentication, the response from 389-ds-base will differ depending on whether the DN exists or not. This can be exploited by an unauthenticated attacker to check the existence of an entry in the LDAP database...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt8183 – Added back the SSPM-related clocks. This change reverts to the commit 860690a93ef23b567f781c1b631623e27190f101. On the MT8183, the SSPM-related clocks were removed due to a claim of lack of usage. However,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open The CI detected a UaF in fbnic within the AFXDP section of the queues.py test. The UaF occurs in the skmarknapiidonce function call in xskbind. The NAPI has been freed. It see...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Do not expire a session when binding fails When a multichannel session binding request fails e.g., due to an incorrect password, the error path unconditionally sets sess-state to SMB2SESSIONEXPIRED. However, during the...