1644 matches found
RLSA-2026:10710 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary code execution via untrusted input in template imports (CVE-2026-4800). For more details about the security issues, including the impact, a CVSS score,...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-429:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-429:01 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731); net/url: Incorrect parsing of IPv6 host literals in net/url...
go-toolset:rhel8 security update
An update is available for module.delve, module.golang, delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
ALSA-2026:5941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731); net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679). For more details about the security issues, including...
CVE-2026-3697
A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697
Planet ICG-2510 1.0_20250811 is affected by CVE-2026-3697. The vulnerable element is function sub_40C8E4 in /usr/sbin/httpd within the Language Package Configuration Handler. A manipulation of the Language argument can cause a stack-based buffer overflow, with the attack described as remotely exe...
MAL-2025-189659 Malicious code in start-iota-webpack-cli (npm)
Source: amazon-inspector 5a864f90e149e2b4496c53b9311b410904ffa98c5015ec30a16c6e3787810c0a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189919 Malicious code in thread-daemon-try-omega-mock (npm)
Source: amazon-inspector a1e433f4a84e6efa7b11638b10854c927218008bde39976e0df1922164229fc2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187990 Malicious code in mesosphere-jupiter-sirius-spinner (npm)
Source: amazon-inspector 9644d9c205b35461491024d83d86512d91f81d021787e7443dcc5b68ff0c4ede. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in awk-node-abstract-interpret-alert (npm)
Source: amazon-inspector e57b94267f695268b2205969adaa9a5ec8130180999c45d34e32b1a23caa7f70. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in array-upsilon-decrypt-container-object (npm)
Source: amazon-inspector 5d6f1b2f78f3859c8fbba7480af773e3a640b776964115dd51de4ac13b754554. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in procyon-yaml-figures-toml (npm)
Source: amazon-inspector 9f7740a3ced9536b2d669360d3d0007870b01aeebbcd11690bd66779cdad44da. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astrometry-request-semantic-ui-hermes (npm)
Source: amazon-inspector 4012fb9f1f3a7b3429a717f037da51aa7222de55abc415ee48f54c5141ea59d6. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in halley-pm2-semantic-ui-commitlint-config-angular (npm)
Source: amazon-inspector 207baa0abd8ece63fe60c3b6ed72245a1fbd0ab7acbb419f0f280f5e15470fb9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jasmine-karma-innercore-csrf (npm)
Source: amazon-inspector 203c72244b8153dbfc6ea87c52825b1a48e6cc1db0147ae09eecb408d18f79d4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jovian-sass-loader-native-cassini (npm)
Source: amazon-inspector 225deea9531693f6cbd7d6edd3656452b2959b26fd0b8a748ec2e08d0dbcbb98. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...