1644 matches found
RLSA-2026:10710 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-4800 For more details about the security issues, including the impact, a CVSS score,...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-429:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-429:01 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
go-toolset:rhel8 security update
An update is available for module.delve, module.golang, delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
ALSA-2026:5941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...
CVE-2026-3697
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
CVE-2026-3697
Planet ICG-2510 1.0_20250811 is affected by CVE-2026-3697. The vulnerable element is function sub_40C8E4 in /usr/sbin/httpd within the Language Package Configuration Handler. A manipulation of the Language argument can cause a stack-based buffer overflow, with the attack described as remotely exe...
CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow
A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...
MAL-2025-185782 Malicious code in beta-key-promise-socket-file (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebad79cce7e400d887bd619f66393a1012518f16bdabeeded43fbc8577048891 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189372 Malicious code in scale-phi-deserialize-nu-sed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3da7cfb294f277c58d7e8fe6484b55c4210fc860ea9b97bd8165568c264fb168 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185548 Malicious code in arcturus-phenomic-glaciology-promise (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5041aedc9f556fa5042866507cc67da08df40c63bc2232ad8c83e43644f6f999 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187990 Malicious code in mesosphere-jupiter-sirius-spinner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9644d9c205b35461491024d83d86512d91f81d021787e7443dcc5b68ff0c4ede This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187264 Malicious code in halley-bioinformatics-mui-venus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 662312aa6ad2beee5a2348e5ded7008cd22d42f7258a0e9670509dd2889d5910 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in robotics-auriga-eclipse-parcel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c8603622ee8e5a543e52a8e1616d015299b855bbd4ffd91c72063efc39f558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in halley-pm2-semantic-ui-commitlint-config-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 207baa0abd8ece63fe60c3b6ed72245a1fbd0ab7acbb419f0f280f5e15470fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in awk-node-abstract-interpret-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e57b94267f695268b2205969adaa9a5ec8130180999c45d34e32b1a23caa7f70 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aether-hologram-genomics-xanthus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fd696e3d7bb6d4aa0cae1f564fd1879823fe90d9e33b77c646528afe0a0d30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in warp-asthenosphere-ganymede-publish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a92ebd310cc475e2b9ba6eae8284cedf4b60c8bbc57a74d40d2b6dfbaceb30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...