Astra Linux - vulnerability in orc
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of...
CVE-2026-31526
Summary: CVE-2026-31526 concerns the Linux kernel BPF verifier. A defect in exception exits for BPF subprograms allowed ORC unwinding to proceed without releasing user-held locks, risking resource leaks and instability. The root cause: process_bpf_exit_full() could set check_lock=false for except...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +9547 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =3.10.0.5, =0.5.0, =1.2.4, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2026.03.26.140500-911435f and more Source cves: CVE-2026-5588 Source advisory:...
Linux Distros Unpatched Vulnerability : CVE-2026-4833
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler...
CVE-2026-4833
CVE-2026-4833 affects Orc discount up to 3.0.1.2, specifically the Markdown Handler's markdown.c compile function. The issue causes uncontrolled recursion when fed input such as an infinitely deep blockquote, leading to a local-execution crash. Public exploit availability exists, and the project ...
CVE-2026-4833
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
CVE-2026-4833 Orc discount Markdown markdown.c compile recursion
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
PT-2026-28186
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
CVE-2026-25534
Impact: Spinnaker updated URL validation logic on user input to sanitize user-supplied URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE, CVE-2025-61916, through the use of carefully...
Azure Linux 3.0 Security Update: orc (CVE-2024-40897)
The version of orc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40897 advisory. - Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer ...
MiracleLinux 8 : orc-0.4.28-4.el8_10 (AXSA:2024-8673:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8673:01 advisory. orc: Stack-based buffer overflow vulnerability in ORC CVE-2024-40897 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : orc-0.4.31-7.el9_4 (AXSA:2024-8781:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8781:02 advisory. orc: Stack-based buffer overflow vulnerability in ORC CVE-2024-40897 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 7 : orc-0.4.26-1.0.1.el7.AXS7 (AXSA:2024-8902:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8902:03 advisory. CVE-2024-40897: fix stack buffer overflow while construct error messages Disable gtk-doc building due lack of gtkdoc-mktmpl command in gtk-doc-1.28-2.el7 CVE...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +509 more potentially affected by CVE-2025-67721 via io.airlift:aircompressor (=2.0.2)
io.airlift:aircompressor MAVEN version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.airlift:aircompressor and may be impacted: - ai.catboost:catboost-spark_4.0_2.13 =1.2.10 - ai.catboost:catboost-spark_4.1_2.13 =1.2.10 - ai.h2o:h2o-orc-parser...
EUVD-2025-14947
Malicious code in bioql PyPI...
EUVD-2024-38708
Malicious code in bioql PyPI...
EUVD-2022-4611
Malicious code in bioql PyPI...
ai.ancf.lmos:arc-gemini-client (>=0.1.1 <=0.104.0), ai.bareun.tagger:bareun (>=1.0.0 <=1.4.3) +5261 more potentially affected by CVE-2025-55163 via io.grpc:grpc-netty-shaded (>=1.10.1 <=1.74.0)
io.grpc:grpc-netty-shaded MAVEN version =1.10.1, =0.1.1, =1.0.0, =0.0.23, =0.9.0, =3.10.0.5, =0.2.7, =0.2.7, =1.3.3, =24.9.0, =24.9.0, =24.9.0, =24.9.0, =24.9.5, =24.9.0, =24.9.0, =25.10.7 and more Source cves: CVE-2025-55163 Source advisory: OSV:GHSA-PRJ3-CCX8-P6X4...
ROOT-OS-DEBIAN-12-CVE-2024-40897 CVE-2024-40897 in rootio-orc - Patched by Root
Root has patched CVE-2024-40897 in the rootio-orc package for Root:Debian:12. Multiple fixed versions available...