2671 matches found
SUSE-SU-2025:01885-2 Security update for perl-YAML-LibYAML
This update for perl-YAML-LibYAML fixes the following issues: - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified bsc1243902...
USN-7626-2: Git regression
USN-7626-1 fixed vulnerabilities in Git. The update introduced a regression in gitk and git-gui. This update reverts the corresponding fixes for CVE-2025-27613 and CVE-2025-46835 pending further investigation. We apologize for the inconvenience. Original advisory details: Avi Halachmi discovered...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Git vulnerabilities (USN-7626-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7626-1 advisory. Avi Halachmi discovered that Git incorrectly managed file modification constraints with...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
CVE-2025-43001
CVE-2025-43001 describes a privilege-escalation flaw in SAPCAR. An attacker with high privileges can override the permissions of the current and parent directories when extracting archives, enabling modification of critical files by tampering with signed archives without breaking signatures. The ...
PT-2025-28390 · Unknown · Tia Administrator
Name of the Vulnerable Software and Affected Versions: TIA Administrator versions prior to V3.0.6 Description: A vulnerability has been identified in the affected application, allowing low-privileged users to trigger installations by overwriting cache files and modifying the download path. This...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
yaml-libyaml: LibYAML Perl File Modification Vulnerability
A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...
yaml-libyaml: LibYAML Perl File Modification Vulnerability
A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...
Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
Medium: perl-YAML-LibYAML
Issue Overview: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified CVE-2025-40908 Affected Packages: perl-YAML-LibYAML Issue Correction: Run dnf update perl-YAML-LibYAML --releasever 2023.7.20250623 or dnf update --advisory ALAS2023-2025-1036...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1044)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1044 advisory. Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory.You are affected by this vulnerabili...
Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
ALSA-2025:9329 Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
ALSA-2025:9330 Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
Dell PowerScale OneFS 安全漏洞
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. An elevation of privilege vulnerability exists in Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.1 due to a lack of authorization in NFS exports. An attack...
CVE-2025-33117
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
CVE-2025-33117 IBM QRadar SIEM command execution
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
Astra Linux – Vulnerability in libyaml-libyaml-perl
YAML-LibYAML before version 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...
Tenable Nessus Agent < 10.8.5 Multiple Vulnerabilities (TNS-2025-11) (Windows)
According to its self-reported version, the Tenable Nessus Agent running on the remote Windows host is prior to 10.8.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-11 advisory. - In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found tha...