Important: golang

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Win32 Calc Shellcode

This is a 14-byte Win32 shellcode that opens calc.exe using a fixed CALL rel32 offset on Windows XP SP 3 English...

Malicious Package

Overview ts-logger-pack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

ROOT-APP-MAVEN-CVE-2025-68384 CVE-2025-68384 in io.root.org.elasticsearch.plugin:x-pack-security - Patched by Root

Root has patched CVE-2025-68384 in the io.root.org.elasticsearch.plugin:x-pack-security package for Root:Maven. Multiple fixed versions available...

kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

MAL-2026-4199 Malicious code in ts-logger-pack (npm)

ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...

Astra Linux - уязвимость в rails

The Actionpack Ruby gem versions prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, and 5.2.6 have a possible denial-of-service vulnerability in the Token Authentication logic of the Action Controller, due to overly permissive regular expressions. Affected code uses authenticateorrequestwithhttptoken or...

Astra Linux - уязвимость в rails

An XSS vulnerability exists in Action Pack versions = 5.2.0 and 5.2.0, which could allow an attacker to bypass the Content Security Policy and generate non-HTML responses...

Astra Linux - уязвимость в rails

Action Pack is a framework for handling and responding to web requests. Under certain circumstances, response bodies may not be closed properly. If a response does not notify the system of a close operation, ActionDispatch::Executor will not know to reset the thread local state for the next...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...

SUSE SLES15 Security Update : kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1960-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1960-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.103 fixes one security issue The following security issue was fixed: - CVE-2026-4328...

Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes one security issue The following security issue was fixed: CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

OESA-2026-2306 python-GitPython security update

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. Security Fixes: Summary GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and...

Security update for go1.25

This update for go1.25 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

SUSE-SU-2026:1862-1 Security update for go1.25

This update for go1.25 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool pack' does...

Security update for go1.26

This update for go1.26 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

SUSE-SU-2026:1861-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool pack' does...

Malicious code in chalk-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6eab5e9e696250cc719b36e144f4534cac2b38a25521cda80222b6c66cd64c Package is named chalk-pack impersonating chalk with keywords and index.js impersonating lodash; index.js is a stub that self-describes as 'Just a...

OPENSUSE-SU-2026:20752-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...