513 matches found
Astra Linux – Vulnerability in Samba
Samba does not validate the Validated-DNS-Host-Name property for the dNSHostName attribute, which may allow unprivileged users to modify it...
Astra Linux – Vulnerability in exim4
Exim before version 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...
Astra Linux – Vulnerability in avahi
A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahialternativehostname function...
Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.
Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname...
MAL-2026-6075 Malicious code in opt-archetype-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...
Malicious code in ogd-platform (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f17f2c263db2adee12698bd9046668b9b674bcdf063b959f54841914a6028931 The package contains only a package.json with a preinstall lifecycle script and ships no actual functionality despite advertising itself as an 'Open...
Malicious code in unicocheck-ios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc91c569cf42c5f1ff68531a8d5238919f595368ffa90b7d4e5bcc74fe9788 package.json declares a preinstall lifecycle script that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query...
MAL-2026-5764 Malicious code in sys-info-cli-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...
Malicious code in @achuthvp/postinstall-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Eclipse Paho Java client library
Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management . Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting...
MAL-2026-5611 Malicious code in datetime-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dc38777296d43cff21c9e56d16208c8925c6dc25b5dec4227823da94096433d The package presents itself as a lightweight datetime utility but its main entry datetime.js invokes collect from ./index.js at top level, so any...
Malicious code in @orion-design-system/foundation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...
Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...
Malicious code in @oplus/obus-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed41b3738a8034ebb2e92744dd0891812f6c6fdb278e78c377045a86f2b5a34d On npm install, scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory process.cwd, an...
BIT-GOLANG-2026-27145 Inefficient candidate hostname parsing in crypto/x509
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
OPENSUSE-SU-2026:20877-1 Security update for rsync
This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library
Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...
CVE-2018-25360
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructio...
AgataSoft Auto PingMaster 安全漏洞
AgataSoft Auto PingMaster is a network monitoring tool from AgataSoft, Inc. that supports host connectivity detection, latency monitoring and fault alerting. A security vulnerability exists in AgataSoft Auto PingMaster version 1.5, which stems from a stack-based buffer overflow in the Trace Route...