RHSA-2026:16736 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...
Vulnerabilities are handled in GitLab through GitLab Inc.
GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...
Astra Linux - vulnerability in rpm
A flaw was discovered in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can persuade a victim to install a seemingly verifiable package, whose signature header was modified, to cause corruption of the RPM database and execute malicious code. The...
CVE-2026-21023
The vulnerability CVE-2026-21023 affects PackageManagerService prior to SMR Mar-2026 Release 1, enabling local attackers to modify installation restrictions on specific apps. Root cause: insufficient verification of data authenticity in PackageManagerService. Impact per the sources: trivial local...
[SECURITY] Fedora 42 Update: PackageKit-1.3.4-3.fc42
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...
[SECURITY] Fedora 43 Update: PackageKit-1.3.4-3.fc43
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...
PT-2026-35775
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: Insufficient sanitization of the PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts allows attackers to redirect Python package-index traffic. This can lead to the...
[SECURITY] Fedora 44 Update: PackageKit-1.3.4-3.fc44
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...
CVE-2026-41651
CVE-2026-41651 concerns PackageKit, a D-Bus abstraction layer for cross-distro package management. The vulnerability affects versions 1.0.2 through 1.3.4 and enables local privilege escalation via a TOCTOU race on transaction flags, allowing an unprivileged user to install packages as root (inclu...
RHSA-2026:8813 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...
Incomplete List of Disallowed Inputs
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to insufficient sanitization of environment variables related to package management, registries, Docker, compilers, and TLS overrides in the...
[SECURITY] Fedora 42 Update: rust-cargo-rpmstatus-0.2.4-3.fc42
Cargo-tree for RPM packaging...
AZL-79509 CVE-2026-2219 affecting package dpkg 1.20.10-1
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...
CVE-2026-2219
CVE-2026-2219 affects dpkg-deb in dpkg, where improper validation of the end of the data stream during uncompression of zstd-compressed .deb archives can lead to a denial-of-service (infinite CPU loop). Public records from OSV and OSV-derived advisories confirm patches exist in multiple distribut...
[SECURITY] Fedora 42 Update: python-apt-3.1.0-1.fc42
python-apt is a wrapper to use features of APT from Python...
[SECURITY] Fedora 42 Update: apt-3.1.15-2.fc42
This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library. These include: apt-get for retrieval of packages and information about them from authenticated sources and for...
[SECURITY] Fedora 43 Update: apt-3.1.15-2.fc43
This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library. These include: apt-get for retrieval of packages and information about them from authenticated sources and for...
Malicious Package
Overview: mona-speedy-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-0013753)
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...
CVE-2025-66325
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...