Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ima: Fixed a potential integer overflow in imaappraisemeasurement. When ima-modsig is enabled, the rc parameter passed to evmverifyxattr may be negative, which could lead to an integer overflow issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: ti: j721e-evm: Fixed a refcount leak in the j721esocprobe. In the parsephandle function, a node pointer is returned with a refcount incremented. We should use ofnodeput on it when it is no longer needed. Added the missing...

Malicious Package

Overview evm-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in evm-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a7489773ccf098f6a3fd266658caa0ef6b48978619a9786e69b43db94758c7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3726 Malicious code in evm-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a7489773ccf098f6a3fd266658caa0ef6b48978619a9786e69b43db94758c7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850evm: Avoid NULL pointer dereferencing In newer versions of GCC, a panic occurs in da850evmconfigemac when booting multiv5defconfig in QEMU under the palmetto-bmc machine. The issue arises from attempting to...

Malicious code in chai-as-evm (npm)

chai-as-evm is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

MAL-2026-2889 Malicious code in chai-as-evm (npm)

chai-as-evm is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/FAWPU and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

@tetherto/wdk-protocol-swap-velora-evm (=1.0.0-beta.4), @velora-dex/widget (>=0.2.0 <=0.6.0) potentially affected by unknown CVE via @velora-dex/sdk (>=9.0.0 <=9.4.1-dev.2)

@velora-dex/sdk NPM version =9.0.0, =0.2.0, =0.6.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2510...

Cosmos EVM: incorrect state handling during nested EVM execution paths

Advisory ID: ASA-2026-002 Component: ICS20 Precompile Status: Resolved Published: March 2026 Contact: [email protected] --- Security Advisory ASA-2026-002 Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded. | Field | Value | | ---...

GHSA-54GX-3CGR-7MFM Cosmos EVM: incorrect state handling during nested EVM execution paths

Advisory ID: ASA-2026-002 Component: ICS20 Precompile Status: Resolved Published: March 2026 Contact: [email protected] --- Security Advisory ASA-2026-002 Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded. | Field | Value | | ---...

`uniswap-utils` was removed from crates.io for malicious code

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...

GHSA-X468-PHR8-H3P3 `uniswap-utils` was removed from crates.io for malicious code

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...

GHSA-6662-54XR-8423 `evm-units` was removed from crates.io for malicious code

It appeared to be attempting to steal cryptocurrency...

`evm-units` was removed from crates.io for malicious code

It appeared to be attempting to steal cryptocurrency...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003094)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003094 advisory. The evmverifyhmac function in security/integrity/evm/evmmain.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002286)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002286 advisory. The evmupdateevmxattr function in security/integrity/evm/evmcrypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module EVM is enabled, allows...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002454)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002454 advisory. The evmverifyhmac function in security/integrity/evm/evmmain.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to...

CVE-2022-31111

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...

Malicious code in evm-gateway-contracts-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d7fcec6a0025a21ed0b14bdd643dc22965e7c3ccd6dee0bfa6bf3285b97aac The package evm-gateway-contracts-private was found to contain malicious code. Source: ghsa-malware...