2677 matches found
Malicious code in pypi-build-verifier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-42617
Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...
CVE-2026-40092
Summary: In Nimiq’s Rust-based stack, versions ≤ 1.3.0 of the nimiq-blockchain component are vulnerable to a crafted Kademlia DHT record containing a TaggedSigned with a signature field not exactly 64 bytes. When a victim node processes the record, the Ed25519 signature is parsed via Ed25519Signa...
Malicious code in wallet-backup-verifier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3537e19be49ba9b1222856a7df147f5751a129e0b9eac69158467e21c0a1755a Package presents itself as a 'Community Security Alliance' MCP server for verifying cryptocurrency wallet backups, but performs three concrete...
MAL-2026-4250 Malicious code in wallet-backup-verifier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3537e19be49ba9b1222856a7df147f5751a129e0b9eac69158467e21c0a1755a Package presents itself as a 'Community Security Alliance' MCP server for verifying cryptocurrency wallet backups, but performs three concrete...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an incorrect scalar handling in the maybeforkscalars function for BPFOR. The maybeforkscalars function is called for both BPFAND and BPFOR when the source operand is a constant. When dst has a signed range of -1, 0, it...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc calls in checkkfunccall. Such calls would be caught by fixupkfunccall if they aren’t eliminated through dead code elimination. However, this can lead ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Skip the scalar adjustment for BPFNEG if the destination is a pointer. In checkaluop, the verifier currently calls checkregarg and adjustscalarminmaxvals unconditionally for BPFNEG operations. However, if the destination...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: copyverifierstate should copy the ‘loopentry’ field. The bpfverifierstate.loopentry state should be copied by copyverifierstate. Otherwise, values of .loopentry from unrelated states could corrupt env-curstate. Additionally,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
Incorrect verifier pruning in the BPF module of the Linux kernel version 5.4 and above leads to unsafe code paths being incorrectly marked as safe. This results in arbitrary read/writes to kernel memory, lateral privilege escalation, and container escapes...
Astra Linux – Vulnerability in Linux
The kernel/bpf/verifier.c file in the Linux kernel, as of version 5.12.1, performs undesirable speculative loads. This leads to the disclosure of stack contents through side-channel attacks, known as CID-801c6058d14a. The main issue is that the BPF stack area is not properly protected against...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the verifier’s assumptions regarding the socket-sk structure. The verifier assumes that the sk field in the struct socket structure is valid and not NULL when the socket pointer itself is trusted and not NULL. This...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fixed a memory leak in array reallocation for stack state. If an error NULL is returned by krealloc, callers of reallocarray would set their allocation pointers to NULL. However, when an error occurs in krealloc, i...
Astra Linux – Vulnerability in Linux 5.10
The checkaluop function in kernel/bpf/verifier.c in the Linux kernel, as of v5.16-rc5, did not properly update the bounds when handling the mov32 instruction. This issue allows local users to obtain potentially sensitive address information, also known as a “pointer leak.”...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper functions that write to read-only maps Lonial identified an issue where, even when the BPF map on both the user and BPF sides is frozen like in the case of .rodata, it was still possible to write into it from the...
Astra Linux – Vulnerability in Linux
In kernel/bpf/verifier.c in the Linux kernel before version 5.12.13, a branch prediction can be mispredicted e.g., due to type confusion, allowing a non-privileged BPF program to access arbitrary memory locations through a side-channel attack, known as CID-9183671af6db...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the s390 eBPF JIT mechanism within bpfjitinsn in the arch/s390/net/bpfjitcomp.c file of the Linux kernel. In this flaw, a local attacker with special user privileges can bypass the verifier, potentially leading to confidentiality issues...
NLnet Labs Unbound 安全漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the DNSSEC verifier failing to account for NSEC3 hash calculation restrictions when querying D...