Lucene search
K

5087 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in binutils

A vulnerability was identified in GNU Binutils 2.45. The affected component is the elfx8664relocatesection function in the file elf64-x86-64.c of the Linker component. This vulnerability causes a heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly...

5.5CVSS5.5AI score0.0022EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in binutils

It has been discovered that GNU Binutils prior to version 2.40 contains a vulnerability involving excessive memory consumption, caused by the loadseparatedebugfiles function in dwarf2.c. An attacker could provide a crafted ELF file and trigger a DNS attack...

5.5CVSS5.3AI score0.00483EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in binutils

Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the displaydebugsection function in the readelf.c file...

7.8CVSS5.6AI score0.00513EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fixed the memory leak in the elf header buffer. This issue was reported by the kmemleak detector: Unreferenced object 0xffffc900002a9000 size 4096: comm “kexec”, pid 14950, jiffies 4295110793 age 373.951s Hex dump firs...

5.5CVSS6.4AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 2:36 a.m.9 views

MAL-2026-4652 Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:22 a.m.13 views

Malicious code in crypto-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...

5.6AI score
Exploits0References5
OSV
OSV
added 2026/05/20 12:22 a.m.9 views

MAL-2026-4542 Malicious code in crypto-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...

5.6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/18 5:56 p.m.23 views

OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

Summary OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. Details...

5.5CVSS5.9AI score0.00162EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/18 8:31 a.m.10 views

CLSA-2026-1779093100 binutils: Fix of 6 CVEs

CVE-2022-38533: fix heap buffer overflow in bfdgetl32 from stripmain with crafted COFF file - CVE-2022-47007: fix memory leak in stabdemanglev3arg in stabs.c - CVE-2022-47008: fix memory leak in maketempdir and maketempname in bucomm.c - CVE-2022-47010: fix memory leak in prfunctiontype in...

6.5CVSS6.8AI score0.00895EPSS
Exploits4References1
OSV
OSV
added 2026/05/16 12:8 a.m.11 views

OSV-2026-744 Heap-double-free in _dwarf_destruct_elf_nlaccess

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513032442 Crash type: Heap-double-free Crash state: dwarfdestructelfnlaccess dwarfelfnlsetup dwarfinitpathdla...

5.8AI score
Exploits0References1
Amazon
Amazon
added 2026/05/15 12:0 a.m.17 views

Medium: cuda-toolkit

Issue Overview: NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service. CVE-2024-0110 Affected Packages:...

7.8CVSS7.4AI score0.00234EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2026-279)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-279 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...

7.8CVSS5.9AI score0.00234EPSS
Exploits0References4
OSV
OSV
added 2026/05/13 8:15 a.m.12 views

CLSA-2026-1778660100 binutils: Fix of CVE-2022-48063

CVE-2022-48063: fix excessive memory allocation in loadspecificdebugsection for corrupt ELF...

5.5CVSS6.7AI score0.00483EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.14 views

Malicious code in iceberg-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.32 views

Malicious code in microsoft-applicationinsights-common (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.13 views

Malicious code in supabase-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.9 views

MAL-2026-3650 Malicious code in microsoft-applicationinsights-common (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.11 views

MAL-2026-3648 Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.14 views

MAL-2026-3652 Malicious code in supabase-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.5 views

MAL-2026-3649 Malicious code in iceberg-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
Rows per page
Query Builder