Malicious code in @refactco/refact-os (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 072881a1fd9241acfcd601ad5387b0338a26ff4828763658c3840b43a3cedb1c Running this package's refact-os init CLI scaffolds AI-editor hook configurations .claude/settings.json, .cursor/hooks.json and copies two Python hoo...

CVE-2025-47913

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

Authorization

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...

vdsm: incomplete fix for CVE-2013-0167 issue

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167...

CVE-2013-4236

CVE-2013-4236 affects VDSM in Red Hat Enterprise Virtualization 3 and 3.2. The issue stems from an incomplete fix for CVE-2013-0167 and can allow a privileged guest user to make the host running the guest unavailable to the management server via invalid XML characters in a guest agent response. P...

vdsm: incomplete fix for CVE-2013-0167 issue

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167...