108 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ACPICA: fixed the ACPI operand cache leak in dswstate.c ACPICA commit: 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I discovered a ACPI cache leak in cases where ACPI early termination occurs and the boot process continues. When...
kernel: ACPICA: fix acpi operand cache leak in dswstate.c
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to maliciou...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-39892, CVE-2026-34073) and arbitrary code execution (CVE-2026-40087)
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality CVE-2026-39892, CVE-2026-34073. Dashboard operands that use the App Connect Enterprise Agent are vulnerable to arbitrary code execution...
curl: wcurl treats some URL operands after -- as curl options
I found that wcurl does not always keep operands after -- in a pure URL-data context. The documented way to pass curl options through wcurl is --curl-options, but a value supplied as a URL operand can still reach the final curl command as an option, for example wcurl -- "--url=file:///...". A...
CVE-2026-32022
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
CVE-2026-32022 OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005719)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005719 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005601)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005601 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005478)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005478 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...
Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...
GHSA-3288-P39F-RQPV Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...
RUSTSEC-2026-0012 Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...
Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...
Critical: Red Hat Security Advisory: Red Hat OpenShift Lightspeed 1.0.9 security update
Red Hat OpenShift Lightspeed 1.0.9 operand images, which provide security fixes and container updates. Red Hat OpenShift Lightspeed is a generative AI-based virtual assistant integrated into the OpenShift console. It can answer questions related to OpenShift and layered offerings. Security Fixes:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992238)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992238 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...
CVE-2025-62494
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
CVE-2025-62494 Type confusion in string addition in QuickJS
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
CVE-2025-62494
Summary: CVE-2025-62494 is a type-confusion vulnerability in the QuickJS engine’s string concatenation path. During the + operation, if the left operand is a string, the code converts the right operand to a primitive via JS_ToPrimitiveFree, which can trigger callbacks (toString/valueOf). While th...
EUVD-2017-8971
Malware in sbrugna...
SUSE CVE-2023-53395
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of...