573 matches found
Malicious code in @lodash-en/lodash-en (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6739 Malicious code in @lodash-en/lodash-en (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Oracle Linux 9 : kernel (ELSA-2026-27789)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...
RLSA-2026:27789 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free vi...
CVE-2026-53177
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...
CVE-2026-53177 bnxt_en: Fix NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...
CVE-2026-53177
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...
EUVD-2026-39268
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...
RockyLinux 9 : kernel (RLSA-2026:27789)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...
kernel: bnxt_en: Fix RSS context delete logic
A flaw was found in the bnxten driver of the Linux kernel. An issue in the RSS Receive Side Scaling context deletion logic can lead to a leak of VNICs Virtual Network Interface Controllers in the firmware. This can cause subsequent attempts to create new VNICs to fail, resulting in the loss of...
Malicious code in picnic-react-mise-en-place (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d57f4579f4e0842567d9e59bfa74af355f457cbfdfeabe0f65a9e6952f79aa34 The OpenSSF Package Analysis project identified 'picnic-react-mise-en-place' @ 9999.0.0 npm as malicious. It is considered malicious because: -...
MAL-2026-5122 Malicious code in picnic-react-mise-en-place (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d57f4579f4e0842567d9e59bfa74af355f457cbfdfeabe0f65a9e6952f79aa34 The OpenSSF Package Analysis project identified 'picnic-react-mise-en-place' @ 9999.0.0 npm as malicious. It is considered malicious because: -...
Malicious Package
Overview git-en-boite-inventory is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in git-en-boite-inventory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ce51f21e43fe31cbc2ad9ea659087abadc9eeba578dbb559ab1443392af44a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: A use-after-free bug has been fixed in mlx4entryallocresources. In mlx4entryallocresources, mlx4encopypriv is called, and tmp-txcq will be freed during the error path of mlx4encopypriv. After that, mlx4enallocresource...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed null pointer dereference in bnxtbstracecheckwrap. With older firmware versions, we might encounter the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for the FW trace data type that has not been initialized. This could lead to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdevassertlocked in bnxtfreentpfltrs. The lock should be held during normal run-time but the assert will be triggered see below during bnxtremoveon...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: The backing store type is set based on the query type. The bnxthwrmfuncbackingstoreqcapsv2 function stores resp-type from the firmware response in ctxm-type. This value is then used to index fixed backing-store metadata...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data. The driver needs to keep track of all possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256, and the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: fixed a memory leak in bnxtnvmtest Free the kzalloc’ed buffer before returning on the success path...