Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

Malicious code in cloud-image (npm)

The package cloud-image was found to contain malicious code...

MAL-2025-17159 Malicious code in cloud-image (npm)

The package cloud-image was found to contain malicious code...

ALSA-2025:9623 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

ALSA-2025:4669 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

RLSA-2024:9456 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

PicUploader 安全漏洞

PicUploader is a graphic bed tool written in php by Bruce's personal developer. It helps you to quickly upload your images to a cloud image bed and automatically return a Markdown formatted link to the clipboard. PicUploader has a security vulnerability that stems from a cross-site scripting...

K11772107: BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084

Security Advisory Description There is an issue with regenerating certificates and keys when deploying BIG-IP and BIG-IQ cloud images in Amazon Web Services AWS, Azure or Verizon cloud services environments. CVE-2016-2084 Note : CVE-2016-2084 impacts only BIG-IP or BIG-IQ AWS, Azure, or Verizon...

GHSA-862G-9H5M-M3QV coreos-installer < 0.10.0 writes world-readable Ignition config to installed system

Impact On systems installed with coreos-installer before 0.10.0, the user-provided Ignition config was written to /boot/ignition/config.ign with world-readable permissions, granting unprivileged users access to any secrets included in the config. Default configurations of Fedora CoreOS and RHEL...