47432 matches found
RLSA-2025:22760 Important: abrt security update
The Automatic Bug Reporting Tool ABRT recognizes defects in applications and creates bug reports that help maintainers fix the defects. ABRT uses a plug-in system to extend its functionality. Security Fixes: abrt: Command-injection in ABRT leading to local privilege escalation CVE-2025-12744 For...
Malicious code in json-spectaculation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5666b784c76bbb0ecb504b52a7e70d17bfe910ad374f223e53deca3b57021278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @hanssoft/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f83fb38a98b69c322df069a26c495101aa35682df8f83641b00e2ce40a99bd This package is a fork of the WhatsApp library Baileys whose metadata homepage, repository, author points at the upstream @whiskeysockets/baileys,...
CVE-2026-44070
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
CVE-2026-44050
A heap-based buffer overflow in the CNID daemon commrcv function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service...
CLEANSTART-2026-OD76369 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-PX23055 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 4.13.1-r0
Multiple security vulnerabilities affect the metacontroller package. These issues are resolved in later releases. See references for individual vulnerability details...
Malicious code in @tiledesk/tiledesk-server (npm)
@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...
CVE-2026-7835
Netatalk 3.0.3–4.4.2 are affected by a format string argument mismatch. The issue (CVE-2026-7835) is fixed in 4.5.0. Debates indicate a remote authenticated attacker could cause a minor denial of service via crafted input; CVSS indicates Low impact. Recommended remediation: upgrade to Netatalk 4....
CVE-2026-7835 Format string argument mismatch
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-44076
CVE-2026-44076 affects Netatalk versions 3.1.0 through 4.4.2, with shell injection via volume path. The issue arises from insufficient sanitization of volume paths and is fixed in 4.4.3. Impact is described as local, with potential for arbitrary code execution by a local privileged user through a...
CVE-2026-44073 seteuid failure ignored in auth modules
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...
CVE-2026-44070
Summary: CVE-2026-44070 affects Netatalk 2.0.0 through 4.4.2, with an unbounded memory reallocation in the charset conversion code. The issue can allow a remote authenticated attacker to cause a minor denial of service, as described by CVE records. Root cause: unbounded realloc in charset convers...
CVE-2026-44062
In Netatalk (versions 2.0.4–4.4.2) a missing o_len bounds check in pull_charset_flags() enables out-of-bounds processing; fixed in 4.4.3 (per NVD). Debian advisory groups the CVE under a security update and recommends upgrading to a secure netatalk package; apply vendor-provided patches (e.g., De...
CVE-2026-44061
CVE-2026-44061 affects Netatalk 1.5.0 through 4.4.2, where DES-ECB authentication exposes a timing side channel. Root cause is the use of DES-ECB for authentication, enabling a remote attacker to glean credentials via timing analysis; the issue is mitigated by upgrading to Netatalk 4.5.0 or later...
EUVD-2026-31236
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...
CVE-2026-44060 Integer underflow in dsi_writeinit() leads to denial of service
An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...
CVE-2026-44058 Authentication bypass via admin auth user
An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism...
CVE-2026-44056
CVE-2026-44056 affects Netatalk 1.3 through 4.2.2, where a stack-based buffer overflow occurs in the desktop.c component. The underlying issue is a stack overflow that can be triggered by the affected code path, with the public description indicating a vulnerability that can lead to a denial of s...
CVE-2026-44055
Netatalk 3.1.4–4.4.2 contains a bitwise OR/logic bug that permits shell injection. The issue affects Netatalk’s AFP implementation and can lead to remote command execution (high impact). Fixed in version 4.4.3. Affected: Netatalk 3.1.4–4.4.2; Remediation: upgrade to 4.4.3 or later. Exploitation s...