3890 matches found
RLSA-2026:19068 Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
systemd security update
An update is available for systemd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for Linux...
CVE-2026-40224 vulnerabilities
Vulnerabilities for packages: systemd...
GHSA-JF3X-2PF6-C45W vulnerabilities
Vulnerabilities for packages: systemd...
CVE-2026-40224 vulnerabilities
Vulnerabilities for packages: systemd...
GHSA-JF3X-2PF6-C45W vulnerabilities
Vulnerabilities for packages: systemd...
GHSA-27VP-2MMC-VMH3 nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
PT-2026-44549
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
Oracle Linux 8 : cockpit (ELSA-2026-21700)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-21700 advisory. - pkg/systemd: robustify argument quoting CVE-2026-4802 RHEL-161386 Tenable has extracted the preceding description block directly from the Oracle Linux securi...
Malicious code in twokey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...
MAL-2026-4697 Malicious code in twokey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...
MAL-2026-4345 Malicious code in eo-terminal (npm)
Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...
Malicious code in get-package-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...
MAL-2026-4572 Malicious code in get-package-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...
RockyLinux 9 : systemd (RLSA-2025:22660)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22660 advisory. systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump CVE-2025-4598 Tenable has...
RockyLinux 10 : systemd (RLSA-2026:13651)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:13651 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...
RockyLinux 9 : systemd (RLSA-2026:13677)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:13677 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...
systemd security update
An update is available for systemd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for Linux...
RLSA-2026:13651 Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...