1051 matches found
CLSA-2026-1778261513 Update of alt-php
Miscellaneous Ubuntu changes - Packaging: add tuxcare suffix Miscellaneous upstream changes - xfrm: esp: avoid in-place decrypt on shared skb frags - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present...
Spying across Chiplets: Side-Channel Attacks in 2.5/3D Integrated Systems
Advanced packaging and chiplet-based integration are increasingly adopted to build complex heterogeneous systems beyond the limits of monolithic scaling. While these architectures offer major benefits in terms of modularity, yield, and performance, they also introduce new physical attack surfaces...
Symlink Attack
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Symlink Attack via the build packaging workflow. An attacker can access sensitive files from the build host by introducing crafted symlinks in the build context, which are...
SUSE-SU-2026:21593-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1262283. Non security issue: - Refactored .spec file to fully support transactional and immutable operating systems jscPED-14609: Migrated user...
SUSE-SU-2026:21575-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1262283. Non security issue: - Refactored .spec file to fully support transactional and immutable operating systems jscPED-14609: Migrated user...
Malicious code in rostilesolver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
openSUSE 16 Security Update : radare2 (openSUSE-SU-2026:20653-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20653-1 advisory. Changes in radare2: - Update to version 6.1.4 bsc1262142, CVE-2026-40499: Analysis: improve autoname scoring, jmptbl detection, and performance...
[SECURITY] Fedora 43 Update: PackageKit-1.3.4-3.fc43
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from an execution approval vulnerability in the exec-approvals-allowlist.ts file, which allowed the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the --persist-lint-results process. An attacker can overwrite arbitrary JSON files on the filesystem by supplying a crafted APK with manipulated .PKGINFO fields containing path traversal sequences. This is only...
CVE-2026-29051 melange has Path Traversal via .PKGINFO in --persist-lint-results
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...
Oracle MySQL Server 8.0.x < 8.0.46 (April 2026 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...
PT-2026-34804
Name of the Vulnerable Software and Affected Versions melange versions 0.32.0 through 0.43.3 Description When using the opt-in flag '--persist-lint-results' via 'melange lint' or 'melange build', the software constructs output file paths by joining the '--out-dir' parameter with arch and pkgname...
Oracle MySQL Server 8.4.x < 8.4.9 (April 2026 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...
Oracle MySQL Server 9.x.x < 9.7.0 (April 2026 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...
SUSE-SU-2026:1519-1 Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...
CVE-2026-3219
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
Oracle Linux 9 : nodejs:24 (ELSA-2026-7350)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7350 advisory. nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 1:24.14.1-1 - Update to version 24.14.1 nodejs-nodemon 3.0.3-3 - Keep BR on just npm 3.0.3-2 - Fi...
[SECURITY] Fedora 44 Update: plasma-workspace-x11-6.6.4-1.fc44
Support for the legacy X11 window system in KDE Plasma, as opposed to the default Wayland. This package provides the legacy "Plasma X11" session type and the startplasma-x11 executable required by that session type. Other requirements such as kwin-x11 are found in the package dependencies. The...
[SECURITY] Fedora 44 Update: kf6-6.25.0-1.fc44
Filesystem and RPM macros for KDE Frameworks 6...