19 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-181450 Malicious code in baso9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 376288079fa5b3df1e69ce97dfa1fc9003abbc69ddbef501e52b6056b95df716 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in digo-kaism-liamkiaor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78d4861249dc0b875952c5fda8a80b6bbd5b99d9e2acbadea925367b674a8848 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tearich-new1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfd0b55ba7b5cdd1b23b0d8e6ad9105b2e49b7c2563d61d2dbf29381cc558f41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-171077 Malicious code in danielarosa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ec518c8e395d0ec625b2dd3890407812566c18f4b6435d995966280a6e40549 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150032 Malicious code in @mipta1/gjjd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5162a82fec82292342cda066c8dbde26c551e5f0032d955f7883b9a4e5a247d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149998 Malicious code in @mipta1/easddgr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24526dee5e572fe8f2c2300bbe348ac4dbbded16ca5e6553043c5d439ffe27a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-137905 Malicious code in wati-keraktelor72-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 991764e37b5403b66aa476b3dbf911bd3d9af1a087ccbe6183244ae390e67b4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oktafian-miemee94-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5dae298d451289f420a10e13aa7c24b32dcb7bc292b260ad90a77b3bef5e7c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-109736 Malicious code in tomi-lodeh68-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1481cbdcf155531151353a1d3fe3c8d592060b36ba7269d81596d6284fb1b19c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lisa-esdoger11-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17fe3e222f19afc6fa0d58951afbd6dfdeba82b7522495961936c5350ba1dac2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hanafi-kue62-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42cc2e657b73aef52bb76e8691ea3c49b96e99e9814404251b235357e75b8cea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in udin-kentang98-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcd705443f19753926015b919d1db5ff0915af7efb5aa4e421f6642f733bb03c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in putra-mie58-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215632ade7b792cc36acf0cf37e88d47a96ad721a85a38398e10ff8a33cfb649 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux Distros Unpatched Vulnerability : CVE-2018-7689
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages wher...
CVE-2017-14806
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version...
DEBIAN-CVE-2018-7689
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...
CVE-2018-7689
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...