
16274 matches found

CVE
added 2026/03/06 12:00 a.m., 16 views

CVE-2025-69651

CVE-2025-69651 affects GNU Binutils through version 2.46, specifically the readelf component. The vulnerability arises from an invalid pointer free when parsing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations exits early, the internal all_relocations array may b...

CVSS 5.5, AI score 6.1, EPSS 0.00006
Exploits: 1, References: 5, Affected Software: 1

CNNVD
added 2026/03/06 12:00 a.m., 2 views

GNU BinUtils Security Vulnerability

GNU BinUtils is a set of programming tools for processing binary files in the GNU community in the United States. Versions of GNU BinUtils prior to version 2.46 contained security vulnerabilities, which were caused by logical processing flaws in handling specially crafted binary files. These flaw...

CVSS 5, AI score 5.8, EPSS 0.00007
Exploits: 0, References: 2

Tenable Nessus
added 2026/03/06 12:00 a.m., 2 views

NewStart CGSL MAIN 6.06 (SP) : gcc Vulnerability (NS-SA-2026-0008)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has gcc packages installed that are affected by a vulnerability: - The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the...

CVSS 7.5, AI score 5.9, EPSS 0.00537
Exploits: 0, References: 3

Tenable Nessus
added 2026/03/05 12:00 a.m., 4 views

TencentOS Server 4: tar (TSSA-2026:0104)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0104 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 4.1, AI score 6, EPSS 0.0013
Exploits: 1, References: 2

Tenable Nessus
added 2026/03/05 12:00 a.m., 3 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.0.2)

The version of AHV installed on the remote host is prior to AHV-11.0.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.0.2 advisory. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust...

CVSS 8.1, AI score 6.1, EPSS 0.01231
Exploits: 10, References: 9

Fedora
added 2026/03/04 1:26 a.m., 3 views

[SECURITY] Fedora 42 Update: avr-binutils-2.45-4.fc42.1

This is a Cross Compiling version of GNU binutils, which can be used to assemble and link binaries for the avr platform, instead of for the native i386 platform...

CVSS 7.8, AI score 5.9, EPSS 0.0003
Exploits: 3

Github Security Blog
added 2026/03/03 9:41 p.m., 5 views

OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode

Summary In OpenClaw, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations in allowlist mode, allowing approval-free execution paths that should require approval. Affected Packages / Versions - Ecosystem: npm - Package: openclaw - Latest published version...

CVSS 8.8, AI score 6.1, EPSS 0.00085
Exploits: 0, References: 5, Affected Software: 1

GithubExploit
added 2026/03/03 4:31 a.m., 112 views

Exploit for Argument Injection in Gnu Inetutils

telnetd Idk wh...

CVSS 9.8, AI score 5.9, EPSS 0.91526
Exploits: 58

SUSE CVE
added 2026/03/03 12:26 a.m., 1 view

SUSE CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this...

CVSS 7.1, AI score 6, EPSS 0.00005
Exploits: 0, References: 3

Broadcom
added 2026/03/03 12:00 a.m., 13 views

GNU binutils Vulnerable to Memory Corruption via Heap-Based Buffer Overflow in 'elf_swap_shdr()' Function

binutils contains a heap-based buffer overflow vulnerability in its Linker component. A local attacker could exploit this by passing a maliciously crafted payload to a victim, which when executed could result in serious impacts to system confidentiality, integrity and availability...

CVSS 7.8, AI score 6.1, EPSS 0.00026
Exploits: 1

OSV
added 2026/03/02 8:11 a.m., 1 view

SUSE-SU-2026:0741-1 Security update for shim

This update for shim fixes the following issues: shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevelVariable.txt: minor typo fix. - Realloc needs to...

CVSS 6.7, AI score 5.8, EPSS 0.00021
Exploits: 1, References: 4

RedhatCVE
added 2026/02/28 7:47 a.m., 1 view

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9, AI score 6.1, EPSS 0.00048
Exploits: 0, References: 1

EUVD
added 2026/02/27 6:31 a.m., 4 views

EUVD-2026-9000

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and require...

CVSS 7.4, AI score 5.4, EPSS 0.00009
Exploits: 4, References: 5

Cvelist
added 2026/02/27 5:28 a.m., 20 views

CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and require...

CVSS 7.4, EPSS 0.00009
Exploits: 4, References: 4

CVE
added 2026/02/27 5:28 a.m., 14 views

CVE-2026-28372

CVE-2026-28372 affects telnetd in GNU inetutils up to version 2.7. The root cause is that login(1) in util-linux 2.40 added systemd service credentials support, enabling a local unprivileged user to influence the CREDENTIALS_DIRECTORY environment variable and create a login.noauth file, which can...

CVSS 7.8, AI score 5.5, EPSS 0.00009
Exploits: 4, References: 9, Affected Software: 1

Vulnrichment
added 2026/02/27 3:17 a.m., 3 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9, AI score 6.1, EPSS 0.00048
Exploits: 0, References: 1

Positive Technologies
added 2026/02/27 12:00 a.m., 3 views

PT-2026-24669

Summary In OpenClaw, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations in allowlist mode, allowing approval-free execution paths that should require approval. Affected Packages / Versions - Ecosystem: npm - Package: openclaw - Latest published version...

CVSS 9.9, AI score 5.9, EPSS 0.00085
Exploits: 0, References: 18

UbuntuCve
added 2026/02/27 12:00 a.m., 3 views

CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and require...

CVSS 7.8, AI score 7.2, EPSS 0.00009
Exploits: 4, References: 5

CNNVD
added 2026/02/27 12:00 a.m., 3 views

GNU Inetutils Security Vulnerability

GNU Inetutils are a set of common network programs from the GNU community in the United States. Versions of GNU Inetutils 2.7 and earlier contained security vulnerabilities, which were caused by defects in the telnetd program, potentially leading to privilege escalation...

CVSS 7.8, AI score 7.2, EPSS 0.00009
Exploits: 4, References: 7

Rockylinux
added 2026/02/24 6:56 p.m., 2 views

gnupg2 security update

An update is available for gnupg2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating...

CVSS 8.4, AI score 6.7, EPSS 0.00008
Exploits: 1