5 matches found
Malicious code in zer0onedatetool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...
MAL-2026-4809 Malicious code in baidubsrc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e303b294e3a8f77fdfa91935af2cd5828572f5ab5ec2f0e0b34a0136e33d70dd setup.py executes os.system"curl xiangyangt.com/pypi" unconditionally during pip install. This is an unauthenticated plaintext HTTP request to a...
SUSE CVE-2016-9384
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table...
Linux kernel drivers/xen/usbback/usbback.c information disclosure vulnerability
Linux kernel is an open source operating system. A security vulnerability in drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0, which is used by the Suse distribution of the Linux kernel, allows a local GUEST OS user to obtain kernel-sensitive information about the HOST OS...
Resin MS-DOS Device Request Path Disclosure
Resin will reveal the physical path of the webroot when asked for a special DOS device, e.g. lpt9.xtp An attacker may use this flaw to gain further knowledge about the remote filesystem layout. C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderson...