EUVD-2011-3930

Malware in sbrugna...

@codingducksrl/nx-duck (>=0.4.1 <=0.4.6), @nativescript/plugin-tools (>=5.5.0 <=5.5.3) +11 more potentially affected by CVE-2025-10894 via @nx/node (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)

@nx/node NPM version =20.0.0-beta.0, =0.4.1, =5.5.0, =4.0.0, =2.12.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0, =20.0.0, =0.2.0, =20.0.0, =20.2.1-dev.3 - @terrxo/nx-cloudflare =4.0.1 - @ziacik/azure-func =4.0.0 Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41441...

Malicious code in @nx/node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2af988f9c4fc2229b1c898c346bb959612eb11fe9a5065e686c47328bee221e0 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

@caliobase/caliobase-nx (>=0.3.53 <=0.3.54), @nestledjs/all (>=0.0.1 <=0.1.22) +4 more potentially affected by CVE-2025-10894 via @nx/node (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)

@nx/node NPM version =21.0.0-beta.0, =0.3.53, =0.0.1, =0.0.1, =0.0.1, =21.0.0, =21.0.0, =21.5.0-canary.20250904-ec1f1a4 Source cves: CVE-2025-10894 Source advisory: OSV:GHSA-CXM3-WV7P-598C...

@codingducksrl/nx-duck (>=0.4.1 <=0.4.6), @nativescript/plugin-tools (>=5.5.0 <=5.5.3) +11 more potentially affected by CVE-2025-10894 via @nx/node (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)

@nx/node NPM version =20.0.0-beta.0, =0.4.1, =5.5.0, =4.0.0, =2.12.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0, =20.0.0, =0.2.0, =20.0.0, =20.2.1-dev.3 - @terrxo/nx-cloudflare =4.0.1 - @ziacik/azure-func =4.0.0 Source cves: CVE-2025-10894 Source advisory: OSV:GHSA-CXM3-WV7P-598C...

Embeded Malicious Code

Overview @nx/node is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...

@codingducksrl/nx-duck (>=0.4.1 <=0.4.6), @nativescript/plugin-tools (>=5.5.0 <=5.5.3) +11 more potentially affected by CVE-2025-10894 via @nx/node (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)

@nx/node NPM version =20.0.0-beta.0, =0.4.1, =5.5.0, =4.0.0, =2.12.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0, =20.0.0, =0.2.0, =20.0.0, =20.2.1-dev.3 - @terrxo/nx-cloudflare =4.0.1 - @ziacik/azure-func =4.0.0 Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXNODE-12205640...

Gentoo Security Advisory GLSA 201201-07 (NX Server NX Node)

The remote host is missing updates announced in advisory GLSA 201201-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 201201-07 (NX Server NX Node)

The remote host is missing updates announced in advisory GLSA 201201-07. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

GLSA-201201-07 : NX Server Free Edition, NX Node: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201201-07 NX Server Free Edition, NX Node: Privilege escalation NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability. Impact : A local attacker could gain escalated...

CVE-2011-3977

Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x before 3.5.0-4 and NX Server 3.x before 3.5.0-5 allows local users to read arbitrary files via unknown vectors...

CVE-2011-3977

NoMachine NX Server/Node vulnerable component: nxconfigure.sh in NX Server 3.x (pre-3.5.0-5) and NX Node 3.x (pre-3.5.0-4) contains an unspecified vulnerability that allows local users to read arbitrary files via unknown vectors. Exploitation conditions and impact are described as local privilege...

Gentoo Security Advisory GLSA 200807-07 (nx, nxnode)

The remote host is missing updates announced in advisory GLSA 200807-07. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NX: User-assisted execution of arbitrary code

Background NoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. Description Multiple integer overflow and buffer overflow vulnerabilities...

GLSA-200804-05 : NX: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200804-05 NX: User-assisted execution of arbitrary code Multiple integer overflow and buffer overflow vulnerabilities have been discovered in the X.Org X server as shipped by NX and NX Node vulnerabilities 1-4 in GLSA 200801-09...