341 matches found
Astra Linux - уязвимость в zsh
In Zsh before version 5.8, attackers who were able to execute commands could regain privileges lost due to the --no-PRIVILEGED option. Zsh failed to overwrite the saved user ID, so the original privileges could be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls...
jq: stack overflow in module loading on mutual `include`
...
CVE-2026-43998
vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not...
UBUNTU-CVE-2026-44777
jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...
CVE-2026-44777 jq: stack overflow in module loading on mutual `include`
jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...
jq 安全漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.2rc1 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the standard module loader does not perform cyclic checks when modules are included within each other,...
Exploit for Write-what-where Condition in Linux Linux_Kernel
Dirty Frag mitigation script This script: 1. Block...
vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
Summary NodeVM's builtin allowlist can be bypassed when the module builtin is allowed including via the '' wildcard. The module builtin exposes Node's Module.load, which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed co...
Important: kernel-livepatch-6.18.20-20.229
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands as an administrator user: echo...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: This issue is fixed if the listversions function races with the module loading process. listversions will first estimate the required space using the dmtargetiteratelistversiongetneeded, &needed call, and then fill that...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries getstubssize assumes that there must always be at least one patchable function entry, which is not always the case modules that export data but no code,...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btftrygetmodule and loadmodule While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Optimize module load time by optimizing PLT/GOT counting When enabling CONFIGKASAN, CONFIGPREEMPTVOLUNTARYBUILD and CONFIGPREEMPTVOLUNTARY at the same time, there will be soft deadlock, the relevant logs are as follows...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: module: fix eshstrndx.shsize=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if info-secstringsstrhdr-shsize - 1 != '\0' BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways
We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...
Important: python3.9
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification
Severity: HIGH Summary The Whirlpool hash implementation in opensslencrypt/modules/registry/hashregistry.py at lines 570-589 uses glob patterns to find .so modules in site-packages and loads the first match via importlib without verifying module integrity. Affected Code python for sitepkg in...
Malicious code in @wame/ngx-adfs (npm)
Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...
MAL-2026-2416 Malicious code in oc-ccp-module-client (npm)
Malware due to hex obfuscation, suspicious install script, dynamic module loading, OS command access, process object access, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2b4b9cee1369c441aa8d759bc04085a8e2b14786df20656a8c6bc249e6260...