Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.3 release and security update

Red Hat JBoss Web Server 6.2.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...

EUVD-2026-31797

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

CVE-2026-9496

CVE-2026-9496 affects the npm package pacote

CVE-2026-9496

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...

PT-2026-43197

Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software extracts installation files to a temporary directory using incorrect default permissions during administrative installation. This allows a low-privileged local...

PT-2026-43212

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

Malicious code in polydata-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04c2f2ae400ee7411678735073e22d4c662de5653a4add84eaca159ed0ba004a Package self-describes as a Polymarket market-data analytics tool but ships a Windows clipboard monitor src/polymarketdatafetcher/clipper/winclip.py...

CVE-2025-58074

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...

net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked

...

CVE-2026-43497

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...

CVE-2026-43497

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...

UBUNTU-CVE-2026-43497

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...

CVE-2026-43497

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...

CVE-2026-43497

The CVE-2026-43497 issue affects the Linux kernel fbdev path (udlfb/dlfb) where dlfb_ops_mmap maps vmalloc framebuffer pages without vm_ops, preventing mmap tracking. This allowed stale user PTEs to coexist with freed kernel pages after dlfb_realloc_framebuffer() via FBIOPUT_VSCREENINFO, causing ...

[SECURITY] Fedora 43 Update: rsync-3.4.1-6.fc43

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

PT-2026-42454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the udlfb component of the fbdev subsystem. The dlfb ops mmap function uses remap pfn range to map vmalloc framebuffer pages to userspace without setting...

Encrypted Neural Networks without Overflows

Fully homomorphic encryption FHE enables private inference by evaluating neural networks on encrypted data. In this way, we can delegate the computation to a third party server without ever revealing the user's data. Currently, the CKKS scheme is the backbone of most efficient FHE implementations...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: Device name buffers passed to the device replace function are properly validated for string termination. This prevents a read out of bounds situation in the getnamekernel function. There is a syzbot report...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the locking usage for tcon fields. Previously, we used cifstcpseslock to protect many objects that weren’t just server, ses, or tcon lists. Later, we introduced srvlock, seslock, and tclock to protect fields within th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Issues in the mpi3mrgetalltgtinfo function have been fixed. The function mpi3mrgetalltgtinfo has four issues: 1 It calculates the valid entry length in alltgtinfo by assuming that the header part of the struct...