1340 matches found
Malicious Package
Overview: @service-suppliers/fetch-initial-suppliers-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between...
Malicious Package
Overview: @service-suppliers/fetchinitialsuppliersactionsaga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
SUSE CVE-2026-45926
In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error. When initializing a PWM chip using pwmchip_alloc(), the allocated device owns an initial reference that must be released on all error paths. If __pinned_init() were to fail, the allocate...
PT-2026-44456
Name of the Vulnerable Software and Affected Versions: Tapo L535E versions 1.0 and 3.0; Tapo P300 version 1.0; Tapo D100C version 1.0. Description: Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. An attacker within Bluetooth range could use sniffi...
UBUNTU-CVE-2026-45926
In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error. When initializing a PWM chip using pwmchip_alloc(), the allocated device owns an initial reference that must be released on all error paths. If __pinned_init() were to fail, the allocate...
CVE-2026-46028 crypto: algif_aead - snapshot IV for async AEAD requests
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - snapshot IV for async AEAD requests. AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...
Release Information for Veeam Backup for AWS 10.1
Requirements: Please confirm that you are running version Veeam Backup for AWS 10 build 10.0.0.232 or later before upgrading. You can find the currently installed build number (Product version) in the About section under Configuration | Support Information | Updates. After installing Veeam Backup fo...
Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement
The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the latest quarterly...
PT-2026-42682
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev100. Description: An authenticated attacker can perform Server-Side Request Forgery (SSRF) by supplying a URL to the 'parse_urls' API endpoint that points to a server under their control. This server can respond...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: m68k: The handling of phys_to_virt after paging_init() has been moved. When booting with an initial ramdisk on platforms where physical memory does not start at address zero (e.g., on the Amiga): initrd: 0ef0602c - 0f800000 Zone...
Astra Linux - vulnerability in linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_fq: fix integer overflow of “credit”. If sch_fq is configured with “initial quantum” having values greater than INT_MAX, the first assignment of “credit” will cause signed integer overflow to a very negative value. In...
Astra Linux - vulnerability in edk2
EDK2’s Network Package is vulnerable to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of confidentiality...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ns: Initialize ns_list_node for initial namespaces. Ensure that the list is always initialized for initial namespaces...
Astra Linux - vulnerability in tomcat9
There is a vulnerability related to uncontrolled resource consumption in Apache Tomcat, especially when an HTTP/2 client does not acknowledge the initial settings frame that reduces the maximum number of concurrent streams allowed. This issue affects Apache Tomcat versions from 11.0.0-M1 through...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: qibfs: fixed another leak. Failure to allocate inode = leaked dentry… This issue existed since the initial merge. To be fair, if we encounter an OOM situation, the chances of failing at that specific allocation are low...
Astra Linux - vulnerability in heimdal
Before version 7.7.1, Heimdal allowed attackers to cause a NULL pointer dereference in an SPNEGO acceptor, by using a preferred_mech_type of GSS_C_NO_OID and a non-zero initial_response value for send_accept...
PT-2026-42129
Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: An issue exists in the jostle logic that can degrade resolution performance. When the num-queries-per-thread limit is reached, the jostle logic identifies slow-resolving queries for...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL (Simple Authentication and Security Layer) initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service (DoS) for...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL (Simple Authentication and Security Layer) initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service (DoS) for...
Important: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...