28 matches found
Oracle Linux 9 : postgresql:15 (ELSA-2026-28037)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28037 advisory. pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new buil...
MAL-2026-6308 Malicious code in @lazyutil/dater (npm)
@lazyutil/dater malicious versions 0.8.1, 0.9.2, 0.9.3, and 0.9.4, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all...
MAL-2026-4467 Malicious code in @weirdorg/dotenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...
postgresql:12 security update
An update is available for pgrepack, pgaudit, module.postgres-decoderbufs, module.pgaudit, postgresql, module.pgrepack, postgres-decoderbufs, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
postgresql:16 security update
pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1 postgres-decoderbufs 2.4.0-1.Final - Initial import for postgresql 16 stream - Related: RHEL-3636 postgresql 16.13-1 - Update to 16.13 - Fix...
[SECURITY] Fedora 42 Update: python-wheel-0.45.1-5.fc42
This is a command line tool for manipulating Python wheel files, as defined in PEP 427. It contains the following functionality: - Convert .egg archives into .whl. - Unpack wheel archives. - Repack wheel archives. - Add or remove tags in existing wheel archives...
[SECURITY] Fedora 43 Update: python-wheel-0.45.1-20.fc43
This is a command line tool for manipulating Python wheel files, as defined in PEP 427. It contains the following functionality: - Convert .egg archives into .whl. - Unpack wheel archives. - Repack wheel archives. - Add or remove tags in existing wheel archives...
Oracle Linux 9 : postgresql:16 (ELSA-2026-0493)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0493 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3635 pgrepack 1.5.1-1 - Update to v1.5.1...
Oracle Linux 8 : postgresql:15 (ELSA-2026-0524)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0524 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.15-1 - Update to 15.15 - Resolves: RHEL-128819 CVE-2025-12818 Tenable has extracted the preceding...
postgresql:15 security update
pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47350 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 212841...
CVE-2023-54284
In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in writetstodecoder The buf4 value comes from the user via tsplay. It is a value in the u8 range. The final length we pass to av7110ipackinstantrepack is "len - buf4 + 1 - 4" so add a check to...
Malicious code in determined_nightingale_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acae57b8779cfd22c1f651d039abf585921681083494477c9436ad2ba8637adf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-35356
Malicious code in js-repack npm...
Malicious code in js-repack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7a80a1c4ce3e508e53f6fbcff1d53486d344d5e88efb691abaad37cc22759f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview js-repack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2025-48554 Malicious code in js-repack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7a80a1c4ce3e508e53f6fbcff1d53486d344d5e88efb691abaad37cc22759f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47834 Malicious code in react-repack (npm)
The package react-repack was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 038fe89fdf3f2220fd47dd19c5464b9fcc0b3f60c5ad14ed468d2d1da9909de1 Any computer that has this package installed or running should be considered fully...
Malicious code in react-repack (npm)
The package react-repack was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 038fe89fdf3f2220fd47dd19c5464b9fcc0b3f60c5ad14ed468d2d1da9909de1 Any computer that has this package installed or running should be considered fully...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...