Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Timekeeping: The leap state of the auxiliary timekeeper must be adjusted to the correct value. When the doajdtimex function was introduced to handle adjtimex for any timekeeper, this reference to tkcore was not updated. When this...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: spi: spi-qpic-snand: reallocation of BAM transactions Using the mtdnandbiterrs module to test the driver occasionally results in unexpected behaviors, as shown below. 1. The swiotlb mapping fails with the following message:...

Wireshark 2.2.x < 2.2.14 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.14 advisory. - The MP4 dissector could crash. It may be possible to make Wireshark crash by injecting a malformed...

CVE-2026-6276

A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom Host: header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new Host: header. This can lead to libcurl incorrectly sending cookies intended...

SUSE CVE-2026-31688

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

oci-utils security update

-- 0.14.0-21 - Update the debugging log file path. Orabug: 39250938...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the exposure of dm-crypt key bytes during debugging log recording...

TP-Link TL-WR841N 安全漏洞

The TP-Link TL-WR841N is a router produced by the TP-Link company. The TP-Link TL-WR841N v13 version has a security vulnerability. This vulnerability stems from the use of DES-CBC encryption in the TDDPv2 debugging protocol, where the key is predictable. This could allow unauthorized attackers to...

TLSCheck 2.0: An Enhanced Memory Forensics Approach to Efficiently Detect TLS Callbacks

Memory analysis is a crucial technique in digital forensics that enables investigators to examine the runtime state of a system through physical memory dumps. While significant advances have been made in memory forensics, the detection and analysis of Thread Local Storage TLS callbacks remain...

RLSA-2026:8842 Important: delve security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...

Anviz CX7和Anviz CX2 Lite 安全漏洞

Both Anviz CX7 and Anviz CX2 Lite are products of the American company Anviz. The Anviz CX7 is a smart terminal device integrated with biometric identification and access control functions. The Anviz CX2 Lite is also a smart terminal device that integrates face recognition and access control...

Anviz CX2 Lite 安全漏洞

The Anviz CX2 Lite is an intelligent terminal device from the American company Anviz, featuring integrated face recognition and access control functions. The Anviz CX2 Lite has a security vulnerability; this vulnerability stems from POST requests that lack authentication, allowing for modificatio...

BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

EUVD-2026-22913

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

GHSA-27H3-CRW2-Q36W SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

SUSE CVE-2026-5713

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /debugging/config/dump endpoint if there are second level Properties objects in the configuration. An attacker can obtain sensitive configuration details, including database credentials, by sending requests ...

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

CVE-2026-30778 Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

Apache SkyWalking 安全漏洞

Apache SkyWalking is an application performance monitor developed by the Apache Foundation in the United States. It is primarily used for applications in microservices, cloud-native environments, and container-based systems. Versions of Apache SkyWalking starting from 10.3.0 contain security...