503 matches found
SUSE SLES16: libsolv-demo / libsolv-devel / libsolv-devel-static / libsolv-tools / etc (SUSE-SU-2026:22172-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22172-1 advisory. Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available...
SUSE-SU-2026:22221-1 Security update for zypper, libzypp, libsolv
This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available (jsc#PED-13680, jsc#PED-15607) On a transactional system where the root filesystem is mounted read-only, zyppe...
SUSE-SU-2026:22172-1 Security update for zypper, libzypp, libsolv
This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available (jsc#PED-13680, jsc#PED-15607) On a transactional system where the root filesystem is mounted read-only, zyppe...
CVE-2026-8428
Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update method in concrete/controllers/single_page/dashboard/system/update/update.php never calls $this->token->validate('do_update'). The form is rendered as a POST form,...
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEM_add_to_physmap. Some of the status pages may then be freed while...
CVE-2026-23558 grant table v2 race in status page mapping
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEM_add_to_physmap. Some of the status pages may then be freed while...
CVE-2026-23558
CVE-2026-23558 describes a grant table v2 race in status page mapping for the Xen hypervisor. In XSA-379/387 scenarios, when a HVM/PVH guest changes grant table version from v2 to v1 while XENMEM_add_to_physmap maps status pages, some status pages may be freed even as their mappings are still ins...
CVE-2026-22816
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003401)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003401 advisory. Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by...
Malicious code in eridanus-antimatter-figures-dotenv-safe (npm)
Source: amazon-inspector bc9f078e333a05d5703ffb66d84694f1b93317ddb74c0ff6cd1be5c855ec5899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187543 Malicious code in iota-report-phi-good-public (npm)
Source: amazon-inspector 4466f1348183e2632c1a55a4604c3526358dfe8dc19f8b17470ec8d2a5ddf2ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186990 Malicious code in firebase-helios-bionics-virtualreality (npm)
Source: amazon-inspector c1022ecdd26947cec0f0053fa453beff0e4313b5d2fef4cee8a9101980dac690 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189353 Malicious code in sass-loader-cluster-link-jekyll (npm)
Source: amazon-inspector 457c2e864673b1e699b6d103dedadc301fb27dd6c6ceb5e99f0f2acfef90a5e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190088 Malicious code in upgrade-quantum-computing-eslint-plugin-areology (npm)
Source: amazon-inspector 65f24884b7f8123dd633e86819d246df7e79be71c3680536de53b2cdce89ba5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chakra-ui-fornax-umbriel-wezen (npm)
Source: amazon-inspector 3365ea447d8e6476fd1db57f2e6c33bf854a5c9ab298ad0d5aaecd0e6f783ed2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in passport-semantic-ui-miranda-dotenv-safe (npm)
Source: amazon-inspector 0a277e6b110c6a4ddfff8bbead45f6d4b7425d4afb2864b265afba03f6b45bfc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...