1644 matches found
RLSA-2026:10710 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-4800 For more details about the security issues, including the impact, a CVSS score,...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-429:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-429:01 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
go-toolset:rhel8 security update
An update is available for module.delve, module.golang, delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
ALSA-2026:5941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...
CVE-2026-3697
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697
Planet ICG-2510 1.0_20250811 is affected by CVE-2026-3697. The vulnerable element is function sub_40C8E4 in /usr/sbin/httpd within the Language Package Configuration Handler. A manipulation of the Language argument can cause a stack-based buffer overflow, with the attack described as remotely exe...
CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
MAL-2025-189243 Malicious code in rimraf-isostasy-algol-paleoanthropology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3481301405182aeda1f115cbdd839ab65c80a8048007b504458f4df9b948c27f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185466 Malicious code in antares-iota-mysql-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b745a215730f800ab23e41a575eb14af8482a22bb5b1a6db13350db681a93e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189180 Malicious code in report-epsilon-socket-beta-sudo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a374b6f621a7480a7de9e738180564cc75591db6337a7b845ed16decbc25ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189290 Malicious code in run-script-juno-supernova-commitlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28d5416570aa5bf98628db20b38d6aa688ee1a11743013f75bbbf34b033fb219 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185548 Malicious code in arcturus-phenomic-glaciology-promise (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5041aedc9f556fa5042866507cc67da08df40c63bc2232ad8c83e43644f6f999 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187642 Malicious code in jupiter-scripts-html-webpack-plugin-blitz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31eee506ff144bca2954b06b2cc81c5b33023ff8cff1b6cc66e7722a2f83da7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in procyon-yaml-figures-toml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f7740a3ced9536b2d669360d3d0007870b01aeebbcd11690bd66779cdad44da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astrometry-request-semantic-ui-hermes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4012fb9f1f3a7b3429a717f037da51aa7222de55abc415ee48f54c5141ea59d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-tardigrade-gammarayburst-cryonics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6ba0986e5b3fa90399d98555fce56050736ff52b31ceb2a66250e086fda217 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in halley-pm2-semantic-ui-commitlint-config-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 207baa0abd8ece63fe60c3b6ed72245a1fbd0ab7acbb419f0f280f5e15470fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...