58 matches found
MAL-2025-10419 Malicious code in @zalastax/nolb-_shal (npm)
The package @zalastax/nolb-shal was found to contain malicious code...
MAL-2025-17967 Malicious code in darkenergy-unuk-barnard-package (npm)
The package darkenergy-unuk-barnard-package was found to contain malicious code...
MAL-2025-26263 Malicious code in metoer (npm)
The package metoer was found to contain malicious code...
Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848)
The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2848 advisory. An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function...
Updated phpmyadmin packages fix security vulnerabilities
Fix possible security issue with library code slim/psr7 (CVE-2023-30536); fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3); fix an XSS vulnerability in the check tables feature (PMASA-2025-1); fix an XSS vulnerability in the Insert tab (PMASA-2025-2)...
RHEL 6 : ncurses (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ncurses: Stack-based buffer overflow caused by format string vulnerability in fmtentry function...
pmix: race condition allows attackers to obtain ownership of arbitrary files
OpenPMIx PMIx is vulnerable to a race condition during execution of library code with UID 0, which allows attackers to obtain ownership of arbitrary files...
AZL-40346 CVE-2024-2746 affecting package dnf5 for versions less than 5.1.11-3
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
pmix: race condition allows attackers to obtain ownership of arbitrary files
OpenPMIx PMIx is vulnerable to a race condition during execution of library code with UID 0, which allows attackers to obtain ownership of arbitrary files...
ROS-20240402-01
A vulnerability in the PMIx process control interface is related to the execution of library code with UID 0. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...
Debian DSA-5547-1 : pmix - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5547 advisory. Francois Diakhate reported that a race condition in pmix, a library implementing Process Management Interface PMI Exascale API, could allow a malicious user to obtain...
Debian dla-3643 : libpmi-pmix-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3643 advisory. Debian LTS Advisory DLA-3643-1 https://www.debian.org/lts/security/...
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PMIx vulnerability (USN-6434-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6434-1 advisory. Francois Diakhate discovered that PMIx did not properly handle race conditions in the pmix library, which could lead to unwanted privilege...
Fedora 37 : openmpi / pmix / prrte / slurm (2023-155d2f22f1)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-155d2f22f1 advisory. Security fix for CVE-2023-41915 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CVE-2023-41915
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...
Open5GS Denial of Service Vulnerability (CNVD-2025-18593)
Open5GS is an open source implementation in C of 5G Core and EPC, the core network of the LTE/NR network. Open5GS suffers from a denial of service vulnerability that stems from a problem with unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler, which can be...
Open5GS Security Vulnerability
Open5GS is an open source implementation in C of 5G Core and EPC, the core network of the LTE/NR network. Open5GS suffers from a denial of service vulnerability that stems from a problem with unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler, which can be...
CVE-2020-28607
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2021-21696
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results i...
CVE-2021-27799
eanleadingzeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code...