84008 matches found
CVE-2026-47372 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...
MAL-2026-4430 Malicious code in @saidddddddddd/somethingelse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d Package ships multiple multi-file randomly-named JavaScript bundles at the tarball root dist/0wj8nina9p.js, dist/g2gldlcg6a.js, dist/k72k75nqjc.js,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/CPU/AMD: Added a fix for RDSEED in Zen5. There is an issue with the 16-bit and 32-bit register output variants of RDSEED in Zen5, which return a random value of 0 “at a rate inconsistent with randomness, while incorrectly...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk.Authenticated users who issue specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, leading to a runtime assertion and termination of the Redis server process. This issue affects all Redis...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: tpm: Added !tpmamdisrngdefective to the hwrngunregister call site The following crash was reported: 1950.279393 listdel corruption, ffff99560d485790-next is NULL 1950.279400 ------------ cut here ------------ 1950.279401 Kerne...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: brwimac: pcie: handling of randbuf allocation failure The kzalloc function in brwimacpciedownloadfwnvram will return null if physical memory runs out. As a result, if we use getrandombytes to generate random bytes into the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disabled LPM on ST1000DM010-2EP102. According to a user report, the ST1000DM010-2EP102 has issues with LPM, causing random system freezes. This drive belongs to the same BarraCuda family as the ST2000DM008-2FR10...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: synclinked regs must preserve subregdef Range propagation must not affect subregdef marks. Otherwise, the following example is rewritten incorrectly by the verifier when the BPFFTESTRNDHI32 flag is set: 0: call bpfktimegetns...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: ks-sa – fix division by zero in kssarnginit The issue of division by zero in kssarnginit was caused by missing clock pointer initialization. The clkgetrate function calls are performed on an uninitialized clk pointer,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Requires seeding the RNG with RDRAND on CoCo systems. There are few uses of CoCo that do not rely on functional cryptography and, consequently, a functioning RNG. Unfortunately, the CoCo threat model means that the VM...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.52.0, the Zip implementation has a panic safety issue. It calls iteratorgetunchecked more than once for the same index when the underlying iterator panics under certain conditions. This bug could lead to a memory safety violation due to an unmet...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in an atomic context. The following bug report occurred with the PREEMPTRT kernel: - Bug: A sleeping function was called from an invalid context at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: cavium – fixed the NULL pointer dereference issue in coccicheck. Fixed the following coccicheck warnings: ./drivers/char/hwrandom/cavium-rng-vf.c:182:17-20: Error: pdev is NULL, but it was dereferenced...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.51.0, the Zip implementation calls iteratorgetunchecked more than once for the same index when it’s nested. This bug can lead to a memory safety violation due to a failure to meet the safety requirements of the TrustedRandomAccess trait...
MAL-2026-4729 Malicious code in whiteboard-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...
kernel: fs: writeback: fix use-after-free in __mark_inode_dirty()
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in markinodedirty An use-after-free issue occurred when markinodedirty get the bdiwriteback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-random- Not tainted...
Malicious code in jest-random-mock (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Detecting Data Exfiltration through I2P Anonymity Networks: A Two-Phase Machine Learning Approach
The Invisible Internet Project I2P provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious actors to steal sensitive information from corporate network...
MAL-2026-4141 Malicious code in jest-random-mock (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@ant-design/pro-editor (>=0.1.0 <=0.39.0), @antv/chart-advisor (>=1.0.0 <=1.1.7) +6 more potentially affected by unknown CVE via @antv/dw-random (=1.1.7)
@antv/dw-random NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/dw-random and may be impacted: - @ant-design/pro-editor =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.3.0-b2, =0.1.1-beta.1, =0.2.0-beta.1 Source cves: unknown CVE Source...