2175 matches found
OESA-2026-1311 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...
OESA-2026-1310 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...
llama.cpp security vulnerability
Llama.cpp is a multimodal model developed by Georgi Gerganov. Versions of Llama.cpp with the version number 55abc39 and earlier contain security vulnerabilities, which stem from a stack buffer overflow in the GBNF syntax processor...
CVE-2026-24053
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...
Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: pyasn1: pyasn1: Denial of Service due to memory exhaustion from malform...
CLSA-2026-1770136337 Fix CVE(s): CVE-2026-22796
SECURITY UPDATE: DoS by providing specially crafted PKCS7 data for signature verification - debian/patches/CVE-2026-22796.patch: ensure ASN1 types are checked before use - CVE-2026-22796...
PT-2026-6464
Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...
Claude Code cross-site scripting vulnerability
Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 2.0.74 contained a cross-site scripting vulnerability. This vulnerability stemmed from a Bash command validation flaw during the parsing of ZSH “clobber” syntax, which could allow bypassing...
RHEL 9 : openssl (RHSA-2026:1733)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1733 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
Exploit for CVE-2025-15467
CVE-2025-15467: OpenSSL CMS AuthEnvelopedData Stack Buffer Ove...
[SECURITY] Fedora 43 Update: python-tinycss2-1.5.1-1.fc43
tinycss2 is a modern, low-level CSS parser for Python. tinycss2 is a rewrite of tinycss with a simpler API, based on the more recent CSS Syntax Level 3 specification...
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level...
SUSE-SU-2026:0310-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with...
CVE-2026-1465
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource thirdparty/faad2-2.7/libfaad modules. This vulnerability is associated with program files bits.C, syntax.C. This issue affects anyRTC-RTMP-OpenSource: before 1.0...
Malicious code in syntax-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cbb8a2a22bbc3655a87a5ddf26e53b87d3bd73e9f78dda4b586aefd5841f902 The package syntax-flow was found to contain malicious code. Source: ghsa-malware 717bc212f20f0c9dab6ffbd30716a7bae5cc63b886484d0c2d7ee5286b94eea7 An...
Malicious Package
Overview: syntax-jsx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview: syntax-flow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious code in syntax-jsx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fd1189ee316a8c3e44060564a0bbcf1fd7409333cfb2f2e5035271f94b93f27 The package syntax-jsx was found to contain malicious code. Source: ghsa-malware b04dc357cbf3cdb2e7e66b09a4ba49cd101d7f3e5be0655514403145bdbff762 Any...