1051 matches found

NVD, added last week, 5 views

CVE-2026-45311

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

CVSS 9.6, EPSS 0.00047
Exploits: 0, References: 1
AstraLinux, added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gpiolib: A crash occurred due to an error in gpiochip_get_ngpios(). The gpiochip_get_ngpios() function uses the chip_*() macros to print messages. However, these macros rely on gpiodev being initialized and set up correctly. This is not the...

CVSS 5.5, AI score 6.2, EPSS 0.0001
Exploits: 0, References: 2
AstraLinux, added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in libreoffice

LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual indicators that confirm that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed...

CVSS 7.5, AI score 7.2, EPSS 0.00385
Exploits: 0, References: 2
RedhatCVE, added 2026/05/15 4:01 p.m., 7 views

CVE-2026-42301

A flaw was found in pyp2spec, a tool that generates Fedora RPM spec files for Python projects. This vulnerability allows a malicious Python Package Index (PyPI) package to execute arbitrary commands on a build machine. This occurs because pyp2spec writes PyPI package metadata, such as the summary...

CVSS 7.8, AI score 6.2, EPSS 0.00011
Exploits: 0, References: 2
Vulnrichment, added 2026/05/09 3:59 a.m., 4 views

CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec

pyp2spec generates working Fedora RPM spec files for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...

CVSS 7.8, AI score 6, EPSS 0.00011
Exploits: 0, References: 2
Github Security Blog, added 2026/05/04 8:14 p.m., 4 views

pyp2spec is Vulnerable to Code Injection

Impact: pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

CVSS 7.8, AI score 6.1, EPSS 0.00011
Exploits: 0, References: 4, Affected Software: 1
Snyk, added 2026/05/04 8:14 p.m., 4 views

Arbitrary Code Injection

Overview: pyp2spec is a tool to generate a valid Fedora specfile from a Python package on PyPI. Affected versions of this package are vulnerable to Arbitrary Code Injection: package metadata is written into the generated spec file without escaping RPM macro directives. An attacker can execute...

CVSS 8.5, AI score 6.1, EPSS 0.00011
Exploits: 0, References: 2
Positive Technologies, added 2026/05/04 12:00 a.m., 6 views

PT-2026-37196

Name of the Vulnerable Software and Affected Versions: pyp2spec versions prior to 0.14.1. Description: pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...

CVSS 7.8, AI score 6.2, EPSS 0.00011
Exploits: 0, References: 8
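The pyp2spec entries above (Red Hat, Vulnrichment, GitHub Security Blog, Snyk, Positive Technologies) all describe the same mechanism: metadata fetched from PyPI is interpolated into a spec file, and rpmbuild later expands whatever macro directives it contains. The following is an added example written for this page, not pyp2spec's own code and not the fix shipped in 0.14.1. It relies on two standard RPM spec-file behaviours: `%(cmd)` runs `cmd` in a shell while the spec is parsed, and `%%` is the escape for a literal `%`. The metadata dictionary, field names and the marker command are constructed for the demonstration; the escaping-by-doubling approach is one way to neutralise the directives, shown alongside an audit helper that flags fields which would still expand.

```python
"""Added example (not pyp2spec's own code): how unescaped PyPI metadata becomes
an RPM macro injection once the generated spec reaches rpmbuild, and one way to
neutralise it before the spec is written."""
import re

# Constructed sample metadata as a malicious PyPI project could publish it.
# rpmbuild expands %(cmd) by running cmd in a shell while parsing the spec,
# so the "summary" below would execute on the packager's machine (a harmless
# marker command stands in for a real payload).  The description shows an
# innocent '%' that must survive escaping intact.
MALICIOUS_META = {
    "name": "fastjson-demo",
    "version": "1.0",
    "summary": "Fast JSON parser %(touch /tmp/rpm-macro-injected)",
    "description": "Pure Python, 100% compatible with the stdlib json module.",
    "url": "https://example.invalid/fastjson-demo",
}

# Opener of an expandable macro: a '%' not already paired into '%%', followed
# by '(', '{' or the first character of a macro name.  This approximates rpm's
# macro lexer and is used only for auditing; escaping doubles every '%'.
MACRO_OPENER = re.compile(r"(?<!%)%(?:%%)*(?:\(|\{|[A-Za-z_])")


def find_macro_openers(text):
    """Return every expandable macro opener in text, e.g. ['%(', '%{']."""
    return [m.group(0) for m in MACRO_OPENER.finditer(text)]


def audit_metadata(meta):
    """Map field name -> macro openers, for every field rpmbuild would expand."""
    found = ((field, find_macro_openers(value)) for field, value in meta.items())
    return {field: openers for field, openers in found if openers}


def escape_rpm_macros(text):
    """'%%' is the spec-file escape for a literal '%', so doubling every percent
    sign leaves nothing for rpmbuild to expand (%(...), %{...} or %name)."""
    return text.replace("%", "%%")


def render_spec(meta, escape):
    """Render the metadata-driven part of a spec file.

    escape=False reproduces the vulnerable pattern (verbatim interpolation);
    escape=True passes every PyPI-derived value through escape_rpm_macros.
    The %description line is our own section directive, not metadata.
    """
    sanitize = escape_rpm_macros if escape else (lambda s: s)
    lines = [
        f"Name:           python-{sanitize(meta['name'])}",
        f"Version:        {sanitize(meta['version'])}",
        f"Summary:        {sanitize(meta['summary'])}",
        f"URL:            {sanitize(meta['url'])}",
        "",
        "%description",
        sanitize(meta["description"]),
    ]
    return "\n".join(lines) + "\n"


def metadata_is_clean_after_escaping(meta):
    """True when no PyPI-derived value still carries an expandable macro after
    escaping, i.e. the spec we are about to write contains no injected directive."""
    return not audit_metadata({k: escape_rpm_macros(v) for k, v in meta.items()})


if __name__ == "__main__":
    print("Fields carrying macros:", audit_metadata(MALICIOUS_META))
    print("--- vulnerable rendering ---")
    print(render_spec(MALICIOUS_META, escape=False))
    print("--- escaped rendering ---")
    print(render_spec(MALICIOUS_META, escape=True))
```

Run the audit on the raw metadata before rendering; a non-empty result is the signal that the package is trying to smuggle a directive. Note that doubling `%` is deliberately coarse: it also turns a harmless `100%` into `100%%`, which rpmbuild renders back as `100%`, so nothing legitimate is lost.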
AstraLinux, added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or...

CVSS 7.8, AI score 6.7, EPSS 0.00013
Exploits: 0, References: 2
AstraLinux, added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping over it. By a small...

CVSS 5.5, AI score 6.4, EPSS 0.00028
Exploits: 0, References: 2
AstraLinux, added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in libreoffice

The Certificate Validation user interface in LibreOffice poses a potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document containing a signed macro is opened, LibreOffice displays a warning before the macr...

CVSS 7.8, AI score 7, EPSS 0.00074
Exploits: 0, References: 2
Fedora, added 2026/05/01 3:06 a.m., 4 views

[SECURITY] Fedora 43 Update: pyp2spec-0.14.1-1.fc43

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

AI score 5.3
Exploits: 0
SUSE CVE, added 2026/05/01 2:05 a.m., 3 views

SUSE CVE-2026-31690

In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driver: 1. Fix a potential buffer overflow where the code used unsafe pointer arithmetic to access the...

AI score 5.9, EPSS 0.00015
Exploits: 0, References: 3
Fedora, added 2026/05/01 1:27 a.m., 2 views

[SECURITY] Fedora 42 Update: pyp2spec-0.14.1-1.fc42

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

AI score 5.3
Exploits: 0
Tenable Nessus, added 2026/04/29 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-31690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driver: 1. Fix a potential buffer...

CVSS 7.8, AI score 6, EPSS 0.00015
Exploits: 0, References: 2
Tenable Nessus, added 2026/04/28 12:00 a.m., 3 views

Oracle Linux 8 : python3.11 (ELSA-2026-11062)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-11062 advisory: 3.11.13-7.0.1 - Update rpm-macros description (Orabug: 36024572); 3.11.13-7 - Security fixes for CVE-2026-4786, CVE-2026-6100. Resolves: RHEL-168129,...

CVSS 9.1, AI score 5.4, EPSS 0.00164
Exploits: 0, References: 3
NVD, added 2026/04/27 6:16 p.m., 2 views

CVE-2026-31690

In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driver: 1. Fix a potential buffer overflow where the code used unsafe pointer arithmetic to access the...

CVSS 7.8, EPSS 0.00015
Exploits: 0, References: 3
ATTACKERKB, added 2026/04/27 5:34 p.m., 1 view

CVE-2026-31690

In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driver: 1. Fix a potential buffer overflow where the code used unsafe pointer arithmetic to access the...

AI score 5.7, EPSS 0.00015
Exploits: 0, References: 4, Affected Software: 1
CVE, added 2026/04/27 5:34 p.m., 4 views

CVE-2026-31690

CVE-2026-31690 affects the Linux kernel TH1520 AON firmware protocol driver. The issue combined a potential buffer overflow from unsafe pointer arithmetic when accessing the 'mode' field via a resource offset, and the use of custom RPC_SET_BE*/RPC_GET_BE* macros replaced with standard endianness ...

CVSS 7.8, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 3, Affected Software: 1
Cvelist, added 2026/04/27 5:34 p.m., 26 views

CVE-2026-31690 firmware: thead: Fix buffer overflow and use standard endian macros

In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driver: 1. Fix a potential buffer overflow where the code used unsafe pointer arithmetic to access the...

EPSS 0.00015
Exploits: 0, References: 3