RLSA-2026:10710 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-4800 For more details about the security issues, including the impact, a CVSS score,...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-429:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-429:01 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
go-toolset:rhel8 security update
An update is available for module.delve, module.golang, delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
ALSA-2026:5941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...
CVE-2026-3697
A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697
Planet ICG-2510 1.0_20250811 is affected by CVE-2026-3697. The vulnerable element is function sub_40C8E4 in /usr/sbin/httpd within the Language Package Configuration Handler. A manipulation of the Language argument can cause a stack-based buffer overflow, with the attack described as remotely exe...
CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
Malicious code in paleoecology-webdriver-manager-cli-outercore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1702a5ded5d7db3c4166a15a439a1ab13253c487e4124cb1374ba85b937cfa5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in async-lynx-lithosphere-telesto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ec24e13dc5676cd39326afe618afe0b9e4435ea88c7c601c8b2053d26a6c81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in standard-thuban-commitlint-config-angular-got (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94a6549fd8e5b7d2d9bdd5f25574202ea00d3f54f001e0e57c00fca175f5c116 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aether-hologram-genomics-xanthus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fd696e3d7bb6d4aa0cae1f564fd1879823fe90d9e33b77c646528afe0a0d30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in old-string-protected-omega-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94b4c6b9e02ae8116c384e78de29b120b55757d7fc40c59281afe45f6917f764 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189290 Malicious code in run-script-juno-supernova-commitlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28d5416570aa5bf98628db20b38d6aa688ee1a11743013f75bbbf34b033fb219 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187985 Malicious code in mesosphere-bootes-primatology-levels (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8eb4476e67bc8ba2d8ab0e4bd9d74c8303fd6ff5f358e8668ac8c8457cf414 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in array-upsilon-decrypt-container-object (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d6f1b2f78f3859c8fbba7480af773e3a640b776964115dd51de4ac13b754554 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jovian-sass-loader-native-cassini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 225deea9531693f6cbd7d6edd3656452b2959b26fd0b8a748ec2e08d0dbcbb98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187642 Malicious code in jupiter-scripts-html-webpack-plugin-blitz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31eee506ff144bca2954b06b2cc81c5b33023ff8cff1b6cc66e7722a2f83da7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...