8710 matches found

OSV
added 2026/01/01 10:8 p.m., 2 views

MAL-2026-6 Malicious code in ziphash (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e9a36a54bad10e0f086740a84fd0a837dd4bf1cc9c3c0707648af4bb3855a03e During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.2 AI score
Exploits: 0, References: 4
OSV
added 2026/01/01 1:54 p.m., 1 views

SUSE-RU-2026:20056-1 Recommended update for shim

This update for shim fixes the following issues:

shim is updated to version 16.1:
- shim_start_image: fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- ...

6.7 CVSS, 6.7 AI score, 0.00021 EPSS
Exploits: 1, References: 6
Fedora
added 2026/01/01 1:8 a.m., 2 views

[SECURITY] Fedora 42 Update: golang-github-google-wire-0.6.0-14.fc42

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

6.5 CVSS, 7.2 AI score, 0.00044 EPSS
Exploits: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-26123

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A page array leak existed in the io_uring/zcrx functionality of the Linux kernel. A previous fix addressed a page leakage issue but failed to release the associated page array, leading t...

5.5 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits: 0, References: 16
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-8116

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw within the interconnect component related to debugfs handling. Specifically, the src_node and dst_node variables were not initialized before being used...

5.5 CVSS, 6 AI score, 0.00017 EPSS
Exploits: 0
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-8155

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A memory leak exists in the octep_device_setup function within the Linux kernel. Specifically, if octep_ctrl_net_init fails, the function returns without releasing allocated memory and...

8.8 CVSS, 6.6 AI score, 0.00254 EPSS
Exploits: 10, References: 250
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-27717

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains an issue related to the freeing of EFI boot services memory. The efi_free_boot_services function incorrectly uses memblock_free_late to free memory reserved wit...

5.5 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 148
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-26579

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains an issue within the netfilter module, specifically in the xt_IDLETIMER component. The problem arises from the reuse of ALARM timer labels by IDLETIMER revision ...

7.8 CVSS, 6 AI score, 0.00022 EPSS
Exploits: 0
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-8118

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0
Description: A null pointer dereference issue was identified in the SCTP transmit path during SCTP-AUTH key initialization. This occurs when processing an INIT ACK, specifically if sctp_auth_asoc_init_active...

5.5 CVSS, 6.2 AI score, 0.00016 EPSS
Exploits: 0
Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-26118

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains an issue where the netdev pointer is not initialized before queue setup in the setup_nic_devices function. Specifically, the pointer to the network device...

8.8 CVSS, 6.6 AI score, 0.00063 EPSS
Exploits: 2, References: 257
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-5520

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A flaw exists in the Linux kernel’s idpf driver related to error handling within the init task during driver loading. If the init task fails, the system may lack necessary virtual ports...

5.5 CVSS, 6.4 AI score, 0.00025 EPSS
Exploits: 0
Positive Technologies
added 2026/01/01 12:0 a.m., 1 views

PT-2026-27647

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A flaw exists in the SMB2 implementation of the Linux kernel where uninitialized variables within the smb2_unlink function can lead to system crashes (oops). Specifically, if SMB2 open ini...

5.5 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 15
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-6146

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The ctxfi driver in the Linux kernel contains a flaw in the audio mixer handling code. The conf field, used as a loop index, is not properly initialized, leading to potential out-of-boun...

7.1 CVSS, 6.5 AI score, 0.00023 EPSS
Exploits: 0
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-6111

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19-rc3
Description: The Broadcom network driver in the Linux kernel contains a flaw related to PTP (Precision Time Protocol) handling. Specifically, a NULL pointer dereference can occur in the bnxt_ptp_enable...

5.3 AI score, 0.00035 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-6749

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 20.7-cert9; Asterisk versions prior to 20.18.2; Asterisk versions prior to 21.12.1; Asterisk versions prior to 22.8.2; Asterisk versions prior to 23.2.2
Description: Asterisk is a private branch exchange and telephony...

7.8 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-27727

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A flaw exists in the Linux kernel’s CAN (Controller Area Network) subsystem, specifically within the Broadcom CAN bcm driver. A missing spinlock initialization in the bcm_rx_setup function...

7.8 CVSS, 6 AI score, 0.00024 EPSS
Exploits: 0, References: 77
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-8135

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the bpf subsystem, specifically within the test run functionality. A failure to properly account for the size of the xdp frame structure when...

8.8 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 0, References: 471
F5 Networks
added 2025/12/31 9:3 p.m., 5 views

K000158972: Linux kernel (nilfs) vulnerability CVE-2022-50367

Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy. In alloc_inode, inode_init_always could return -ENOMEM if security_inode_alloc fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode return...

7.8 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 0
RedhatCVE
added 2025/12/31 10:50 a.m., 6 views

CVE-2022-50885

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup when socket create failed. There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe] Read of size 8 at addr 000000000000001...

5.5 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/12/31 5:11 a.m., 3 views

CVE-2025-15220

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be...

6.1 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 1, References: 1