PT-2026-36990

Name of the Vulnerable Software and Affected Versions apko affected versions not specified Description apko verifies the signature on 'APKINDEX.tar.gz' but fails to compare individually downloaded '.apk' packages against the checksum recorded in the signed index. Although the checksum is parsed v...

RHEL 8 : gcc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - The...

RHEL 8 : developer_environment (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - An issue wa...

ALSA-2021:4743 Moderate: llvm-toolset:rhel8 security update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks...

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

Moderate: Red Hat Security Advisory: gcc-toolset-10-annobin security update

An update for gcc-toolset-10-annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

gcc-toolset-10-annobin security update

An update is available for gcc-toolset-10-annobin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Annobin provides a compiler plugin to annotate and tools to...

Moderate: rust-toolset:rhel8 security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes wer...

ALSA-2021:4586 Moderate: gcc-toolset-11-gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were...

ALSA-2021:4585 Moderate: gcc-toolset-10-gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were...

Trojan Source attack lets hackers exploit source code

By Waqas Trojan Source attack impacts all popular programming language compilers, such as C, C++, C, Java, JavaScript, Python, Rust, and Go. This is a post from HackRead.com Read the original post: Trojan Source attack lets hackers exploit source code...

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

security flaw

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...