Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfcdebugfslockstatwrite buffer overflow A static code analysis tool identified the possibility of buffer overflow when using copyfromuser for a debugfs entry. Currently, it is possible that copyfromuser copie...

MAL-2026-6200 Malicious code in assert-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

Malicious code in @mastra/convex (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acae13d27edf4e66aa693ee00ce3df3eb508a09c9bf7a9b934a9d3804653f3ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6015 Malicious code in @mastra/deployer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd99dea462f2f28099ae0f57cd6c89edd76f08476cd9a6265b1c23defcd2b23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/sentry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a90a9fe05b300ccd70f99da266200500c5b05657bf9fbc3bee7d0f1ceeecbce0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-46944

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 2026-06-18 15:37:06+00:00| seen|...

Malicious code in check-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea848e496c2022409208a3e4a7d9b364c9437699a15554a5a1ee953d4428f230 check-ulid is a typosquat of the legitimate ulid package README is copied verbatim, homepage and bugs link to github.com/ulid/javascript whose...

Malicious code in fabric-graphics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a0e1c67eb156113685783efe75a2bd26718f6dcb5b63ece1f47ec01098f71fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in npmjs-doc-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e75a4fc474b58b6d7226e8448d6c909312baf7aff6e9587188cc56a2a5dface Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5853 Malicious code in sp-api-dev-assistant-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vemos-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4dbc534054236541dc79f97538525221204d7e83cea2c28b496c0f6bedf70ee7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5844 Malicious code in numdifftools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c6d98d619244a4f34ba9c2ed85023e35f4064b0a45871edac806d1e8cdeff11 The npm package numdifftools is an empty shell zero-byte index.js that exists solely to fire a preinstall lifecycle hook. The hook runs node -e to...

Malicious code in vite-enhancer-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f95dc5a82c03457cbfab461f0b1775f3918589db6ac513342a1ec0dc1aacc1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MINI-PC69-54FP-RW55

Bulletin has no description...

MINI-PPC6-VHH8-6F4P

Bulletin has no description...

MAL-2026-5690 Malicious code in ecto-spectral-leak-8d4e2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...

CVE-2026-11847

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths...

CVE-2026-11846

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

EUVD-2026-36407

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths...