2102 matches found
RHSA-2026:22714 Red Hat Security Advisory: osbuild-composer security update
Bulletin has no description...
RHSA-2026:22450 Red Hat Security Advisory: osbuild-composer security update
Bulletin has no description...
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
PT-2026-46102
Impact It’s a “moderate” vulnerability… but being an admin panel, we take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them...
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
TencentOS Server 3: osbuild-composer (TSSA-2026:0387)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0387 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Fedora 44 : composer (2026-bd05cb6c4d)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bd05cb6c4d advisory. Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure GHSA-f9f8-rm49-7jv2 Tenable has extracted the preceding description block...
Fedora 43 : composer (2026-3e8172bbdb)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e8172bbdb advisory. Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure GHSA-f9f8-rm49-7jv2 Tenable has extracted the preceding description block...
Fedora 44 : pie (2026-3d8d946f69)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d8d946f69 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...
Fedora 43 : pie (2026-b7427db462)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b7427db462 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json,"...
[SECURITY] Fedora 43 Update: composer-2.9.8-1.fc43
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
[SECURITY] Fedora 44 Update: composer-2.9.8-1.fc44
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
RockyLinux 8 : osbuild-composer (RLSA-2025:9844)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9844 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...
RockyLinux 10 : osbuild-composer (RLSA-2026:1837)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1837 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...
RockyLinux 9 : osbuild-composer (RLSA-2026:1381)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1381 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...
RockyLinux 8 : osbuild-composer (RLSA-2026:3898)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3898 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...
RockyLinux 10 : osbuild-composer (RLSA-2026:3752)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3752 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: archive/zip: Excessive CPU...