ROOT-OS-UBUNTU-2204-CVE-2025-40261 CVE-2025-40261 in rootio-linux - Patched by Root
Root has patched CVE-2025-40261 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
Security update for php-composer2
This update for php-composer2 fixes the following issues: CVE-2026-40176: command injection via malicious Perforce repository definition (bsc1262254). CVE-2026-40261: command injection via malicious Perforce source reference/url (bsc1262255). Changes for php-composer2: version update to 2.2.27 align...
CVE-2026-40261
A flaw was found in Composer. Perforce::syncCodeBase appends the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Mitigation: To mitigate this issue, only run...
Fedora 43 : composer (2026-02c1f66b6a)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-02c1f66b6a advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
UBUNTU-CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
PT-2026-32621
Name of the Vulnerable Software and Affected Versions: Composer versions 1.0 through 2.2.26; Composer versions 2.3 through 2.9.5. Description: A command injection issue exists in the Perforce VCS driver of Composer, a dependency manager for PHP. The Perforce::generateP4Command function constructs she...
openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20287-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20287-1 advisory. The SUSE Linux Enterprise 16.0 and SL Micro 6.2 kernel was updated to fix various security issues. The following security issues were fixed: -...
SUSE SLED15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:0447-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0447-1 advisory. The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues. The following security issu...
CVE-2025-40261
No description is available for this CVE...
BELL-CVE-2025-40261
Bulletin has no description...
DEBIAN-CVE-2025-40261
In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl(). nvme_fc_delete_association() waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync() had been called. Mov...
CVE-2025-40261
In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl(). nvme_fc_delete_association() waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync() had been called. Mov...
Linux Distros Unpatched Vulnerability : CVE-2025-40261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl(). nvme_fc_delete_association() waits for pending I/O to complete before returning, and an error can...
EUVD-2025-40261
Malicious code in candra-mie96-sluey npm...
CVE-2023-40261
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's har...
CVE-2023-40261
creationtimestamp | type | source
---|---|---
2024-08-08 20:35:15+00:00 | seen | https://t.me/cvedetector/2815
2025-03-13 19:42:46+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7484

...
CVE-2022-40261
creationtimestamp | type | source
---|---|---
2022-09-20 22:39:44+00:00 | seen | https://t.me/cibsecurity/50162

...
CVE-2022-40261 SMM memory corruption vulnerability in OverClockSmiHandler SMM driver
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2 and execute arbitrary code in System Management Mode, an environment more privileged than the operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI...
CVE-2022-40261
CVE-2022-40261 concerns the OverClockSmiHandler SMM driver. The provided documents describe a local-privilege-escalation flaw that allows an attacker to elevate to System Management Mode (ring -2), execute arbitrary code in SMM, and bypass SMM‑based SPI flash protections, enabling a malicious BIO...