Xen: x86 HVM I/O Port List Traversal (XSA-491)

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

Xen: x86 Mismatched Mapcache Metadata (XSA-494)

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache. This can result in privilege escalation, Denial of Servi...

[SECURITY] [DSA 6335-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6335-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2026 https://www.debian.org/security/faq -...

x86: mismatched mapcache metadata

ISSUE DESCRIPTION Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache. IMPACT Privilege escalation, Denial of...

x86 HVM I/O port list traversal

ISSUE DESCRIPTION HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses...

CVE-2026-49187

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

7-Zip 安全漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.18 to 26.00 of 7-Zip contain security vulnerabilities. These vulnerabilities stem from sparse filling of index arrays in the SquashFS archive processor, which allows for uninitialized heap reads, potentially leading to...

7-Zip 缓冲区错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.21 to 26.00 of 7-Zip contain a buffer error vulnerability. This vulnerability stems from a boundary violation in the ParseDepedencyExpression function of the UEFI firmware image parser, which may lead to denial-of-service...

CVE-2026-49187

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

CVE-2026-49187

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

EUVD-2026-34204

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

PT-2026-46144

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the hardcoded nature of the APK resource files, which are never expired and share credentials, potentially leading to informati...

libxls 安全漏洞

libxls is an open-source C library for reading old binary OLE format Excel files. Version 1.6.3 of libxls contains a security vulnerability. This vulnerability stems from the use of uninitialized memory during the parsing of malformed XLS files, which may lead to undefined behavior, parsing error...

[SECURITY] [DLA 4607-1] linux-6.1 security update

Debian LTS Advisory DLA-4607-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings May 29, 2026 https://wiki.debian.org/LTS Package : linux-6.1 Version : 6.1.174-1deb11u1 CVE ID : CVE-2026-43503 CVE-2026-46174 CVE-2026-46300 Several vulnerabilities have been discovered ...

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, workflow creation, and project progress monitoring. Versions of JetBrains YouTrack prior to 2026.1.13162 contained security...

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, the ability to create workflows, and monitoring of project progress. Versions of JetBrains YouTrack prior to 2026.1.13162 contained...

Debian dla-4607 : linux-config-6.1 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4607 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4607-1 [email protected]...