35 matches found
MAL-2025-41421 Malicious code in k7eel2-ss (PyPI)
The package downloads and executes an executable from a hardcoded URL. The executable is classifed as Trojan and confirmed by 47 top sources. The package downloads malware from https://github.com/deprosinal/legendary-funicular github repo, namely helo.exe --- -= Per source details. Do not edit...
USN-7677-1: cloud-init vulnerabilities
Harry Sintonen discovered that the hotplugd socket in cloud-init was world writable. An attacker could possibly use this issue to send hotplug-hook commands. CVE-2024-11584 It was discovered that cloud-init granted root access to a hardcoded URL with a local IP address when a non-x86 platform is...
cloud-init: Cloud init permissions flaw
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...
cloud-init: Cloud init permissions flaw
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...
cloud-init: Cloud init permissions flaw
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...
Important: cloud-init
Issue Overview: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. CVE-2024-6174 Affected Packages: cloud-init Issue Correction: Run dnf update cloud-init...
Important: cloud-init
Issue Overview: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. CVE-2024-6174 Affected Packages: cloud-init Note: This advisory is applicable to Amazon...
SUSE CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
AZL-64374 CVE-2024-6174 affecting package cloud-init for versions less than 23.3-7
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
DEBIAN-CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
CVE-2024-6174
Summary: CVE-2024-6174 affects cloud-init. When a non-x86 platform is detected, it could grant root access to a hardcoded URL with a local IP. This is the underlying cause. Impact: High (CVSS v3.1: 8.8, privileges required: none, user interaction: none, scope: unchanged). Affected scope (from con...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
Malicious code in axonify (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 22991c04631c7553b040a72573bc7d0ad80886ab6bc834ac43f1e1611f85ea02 The package is capable of installing malware from a hardcoded URL. The malware is well-recognized and acts as infostealer. Interestingly, it uses Steam profile...