ALSA-2026:22730 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

ALSA-2026:22711 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

ALSA-2026:22717 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

dirtyfrag

Dirty Frag Overview Dirty Frag is a class of Linux ke...

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

RLSA-2026:18480 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

linux-sgx security update

An update is available for linux-sgx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Intel SGX SDK is a collection of APIs, libraries, documentations and...

OESA-2026-2478 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

RockyLinux 10 : linux-sgx (RLSA-2026:18480)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18480 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...

USN-8229-2 sed vulnerability

USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local...

podman security update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

RLSA-2026:18868 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

RockyLinux 9 : linux-sgx (RLSA-2026:18868)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18868 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...

CVE-2026-8643

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...

CentOS 9 : vim-8.2.2637-29.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the vim-8.2.2637-29.el9 build changelog. - Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Note that Nessus has not tested for this issue but has inste...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1743)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1743 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

USN-8307-1 onnx vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...