20 matches found
MAL-2026-5677 Malicious code in worker-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e11b6161f4fe3c591bddadbf275003eaac33a1478cda408ac51d85230292e6d package.json declares "postinstall": "node main.js", so installation of [email protected] unconditionally executes main.js on npm install. main.js...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in values including series paths, patch filenames, and numeric parameters, which are read from patch.yaml. An attacker who can control inputs to this file can cause shell commands to be run on the build host by injecti...
Fedora: Security Advisory (FEDORA-2025-eb0eab6793)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 43 Update: python-uv-build-0.9.5-1.fc43
This package is a slimmed down version of uv containing only the build backend...
SUSE: Security Advisory (SUSE-SU-2025:0857-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
Tippa My Tongue Tippa My Tongue is an exploit that uses CVE-2...
SUSE: Security Advisory (SUSE-SU-2019:0387-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Unspecified Vulnerability in Micro Focus openSUSE
Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the UK. openSUSE Leap is a version of openSUSE. A security vulnerability exists in the build package of Micro Focus openSUSE Leap, which stems from the program's failure to validate directory names. An attacker could...
Design/Logic Flaw
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
DEBIAN-CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
UBUNTU-CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804
Summary (CVE-2017-14804) : The vulnerability affects the build package prior to 20171128, which fails to validate directory names during extraction of build results, enabling writes outside the target buildroot. This is documented in multiple sources (OpenSUSE SUSE announcements, OSS updates, and...
SUSE-SU-2017:3253-1 Fixing security issues on OBS toolchain
This OBS toolchain update fixes the following issues: Package 'build': - CVE-2010-4226: force use of bsdtar for VMs bnc665768 - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo fate32321...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the kernel-build-2.6.8-3-powerpc Debian GNU/Linux operating system can be exploited, resulting in a violation of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The kernel-build-2.4.27-apus package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The kernel-build-2.4.27-powerpc-small package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The kernel-build-2.4.27-2 package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...