25 matches found

EUVD
added 2026/05/27 3:33 p.m. | 7 views

EUVD-2026-32339

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...

5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 9
Cvelist
added 2026/05/27 12:15 p.m. | 30 views

CVE-2026-45873 netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...

0.00032 EPSS
Exploits: 0 | References: 8
Debian CVE
added 2026/05/27 12:15 p.m. | 7 views

CVE-2026-45873

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...

5.7 AI score | 0.00032 EPSS
Exploits: 0
Positive Technologies
added 2026/05/27 12:00 a.m. | 5 views

PT-2026-43918

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retry aligned read When retry aligned read encounters an overlapped stripe, it releases the stripe via raid5_release_stripe which puts it on the lockless released_stripes llist. In the next raid5d loo...

5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 6
UbuntuCve
added 2026/05/27 12:00 a.m. | 4 views

CVE-2026-45873

netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets...

5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2026/04/20 8:37 p.m. | 3 views

CVE-2026-5928

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

7.5 CVSS | 5.5 AI score | 0.00068 EPSS
Exploits: 1
Positive Technologies
added 2026/04/20 12:00 a.m. | 5 views

PT-2026-33852

Name of the Vulnerable Software and Affected Versions: GNU C Library versions prior to 2.44 Description: Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single byte and multi-byte character encodings can lead to an attempt to read...

7.5 CVSS | 5.3 AI score | 0.00068 EPSS
Exploits: 1 | References: 15
CNNVD
added 2026/03/25 12:00 a.m. | 2 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from unvalidated overlap of open intervals, potentially allowing bypasses in the validation of collection...

5.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 3
OSV
added 2024/07/09 6:11 p.m. | 2 views

CLSA-2024-1720548691 python3: Fix of 2 CVEs

CVE-2023-6597: Prevent tempfile.TemporaryDirectory class dereference symlinks - CVE-2024-0450: Make zipfile module reject zip archives which overlap entries in the archive. Prevent “quoted-overlap” zip-bombs exploit...

7.8 CVSS | 6.8 AI score | 0.00153 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2024/04/30 9:57 a.m. | 1 views

kernel: ext4: fix rbtree traversal bug in ext4_mb_use_preallocated

A flaw was identified in the ext4 filesystem’s block preallocation allocator in the Linux kernel. During allocation, the code traverses an rbtree of per-inode preallocations. Concurrently, the helper ext4_mb_discard_group_preallocation can mark PAs as deleted, which may cause a naive rbtree traversal ...

7.4 AI score | 0.00026 EPSS
Exploits: 0 | References: 5
The Hacker News
added 2023/04/14 12:57 p.m. | 23 views

Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities

The Russia-linked APT29 aka Cozy Bear threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT...

6.5 AI score
Exploits: 0
The Hacker News
added 2022/09/15 10:14 a.m. | 33 views

Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks

A threat actor tracked under the moniker Webworm is taking advantage of bespoke variants of already existing Windows-based remote access trojans to fly under the radar, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older...

1.9 AI score
Exploits: 0
Wallarm Lab
added 2022/07/13 5:47 p.m. | 93 views

10 Years Journey into API Security Vulnerabilities with Ivan, the CEO of Wallarm

Ivan Novikov, CEO at Wallarm, is an API security expert, bug hunter, security researcher, and blackhat speaker with 24 years of experience in the cybersecurity field. He spent decades in this industry and witnessed exploits as well as growth. Read ahead to understand Ivan’s API Security journey a...

10 CVSS | 0.94434 EPSS
Exploits: 22
The Hacker News
added 2022/01/19 12:29 p.m. | 26 views

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware...

0.2 AI score
Exploits: 0
Positive Technologies
added 2021/12/03 12:00 a.m. | 2 views

PT-2021-21591 · M Files · M-Files Web

Name of the Vulnerable Software and Affected Versions: M-Files Web versions prior to 20.10.9524.1 Description: The issue allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. It is disputed because the range behavior is the responsibility ...

7.8 CVSS | 7.3 AI score | 0.03122 EPSS
Exploits: 3 | References: 14
ThreatPost
added 2019/11/06 4:26 p.m. | 62 views

DarkUniverse APT Emerges to Deliver Sophisticated, Targeted Spy Attacks

A sophisticated espionage APT that was active for at least eight years before receding into the shadows has been uncovered — and researchers said that it may still be active. In April 2017, ShadowBrokers published one of their many leaks of cyberweapons used by the National Security Agency NSA an...

0.4 AI score
Exploits: 0 | References: 7
OSV
added 2019/07/04 1:15 p.m. | 1 views

ALPINE-CVE-2019-13232

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue...

3.3 CVSS | 6.8 AI score | 0.00047 EPSS
Exploits: 0 | References: 1
FireEye
added 2018/11/19 5:00 p.m. | 34 views

Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign

Introduction FireEye devices detected intrusion attempts against multiple industries, including think tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government, and defense contracting. The attempts involved a phishing email appearing to be from the...

0.1 AI score
Exploits: 0
ThreatPost
added 2018/03/23 11:52 a.m. | 16 views

A Closer Look at APT Group Sofacy’s Latest Targets

Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang. Research shows a continual march toward Far East targets and overlapping of activities with other groups such as Lamberts, Turla and Danti...

2.1 AI score
Exploits: 0 | References: 2
OSV
added 2018/02/20 9:29 p.m. | 1 views

ALPINE-CVE-2018-7263

The mad_decoder_run function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552...

9.8 CVSS | 7.5 AI score | 0.00503 EPSS
Exploits: 3 | References: 1