The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command because a Content-Disposition header can have ../ in a filename as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

...

CVE-2020-3427

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denia...

Moderate: Red Hat Security Advisory: utempter security update

An updated utempter package that fixes a potential symlink vulnerability is now available. Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device nam...