794 matches found
RHSA-2026:19187 Red Hat Security Advisory: compat-openssl11 security update
Bulletin has no description...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “comedi”: checking the attached status of devices in compatible IOCTLs. Syzbot identified a issue 1 that causes the kernel to crash, seemingly due to the absence of the callback dev-getvalidroutes. This should never happen, as th...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ftruncate: passing a signed offset. The old ftruncate system call, which uses the 32-bit offt type, misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: idxd: Fixed device leaks during the compat bind and unbind operations. Make sure to remove the references to the idxd device when using the compat bind and unbind sysfs interfaces...
Malicious code in @antv/g-compat (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3913 Malicious code in @antv/g-compat (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-compat (=1.0.11)
@antv/g-compat NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-compat and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.12.0 Source cves: unknow...
@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-compat (=1.0.11)
@antv/g-compat NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-compat and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.12.0 Source cves: unknow...
CVE-2025-66660
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...
org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44290 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)
org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44290 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643420...
org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44288 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)
org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643235...
Symlink Attack
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Symlink Attack via the isPathAllowed path check in lib/resolver-compat.js. An attacker can execute code outside the configured...
SUSE CVE-2026-31781
In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...
CVE-2026-31781
In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...
CVE-2026-31781
CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: glibc: compat-libpthread-nonshared-2.42-12.hum1 aarch64, x8664 glibc-2.42-12.hum1 aarch64, x8664 glibc-all-langpacks-2.42-12.hum1 aarch64, x8664 glibc-benchtests-2.42-12.hum1 aarch64, x8664...
lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Impact Using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Patches lxml 6.1.0 changes the default to resolveentities='internal', thus disallowing local file access by default. Workarounds Setting the resolveentitie...
MAL-2026-2945 Malicious code in moonbit-locale-compat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
Malicious code in moonbit-locale-compat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +39 more potentially affected by CVE-2026-32690 via apache-airflow (>=3.0.0 <=3.1.8)
apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =0.2.0, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =1.28.0rc1 and more Source cves: CVE-2026-32690 Source advisory: OSV:GHSA-W9R4-94FJ-XP69...