266 matches found
SUSE SLES15 Security Update : csync2 (SUSE-SU-2026:2116-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2116-1 advisory. This update for csync2 fixes the following issue - CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472...
CVE-2026-41051
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
BIT-MLFLOW-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
SUSE-SU-2026:21994-1 Security update for csync2
This update for csync2 fixes the following issues Security issue: - CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472. Non security issue: - Fix packages for Immutable Mode jscPED-14855...
OPENSUSE-SU-2026:20900-1 Security update for csync2
This update for csync2 fixes the following issues Security issue: - CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472. Non security issue: - Fix packages for Immutable Mode jscPED-14855...
SUSE-SU-2026:22041-1 Security update for csync2
This update for csync2 fixes the following issues Security issue: - CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472. Non security issue: - Fix packages for Immutable Mode jscPED-14855...
Security update for csync2
This update for csync2 fixes the following issue CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...
SUSE-SU-2026:2116-1 Security update for csync2
This update for csync2 fixes the following issue - CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472...
EUVD-2026-33277
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...
MAL-2026-4547 Malicious code in cxpher-linux-arm32 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd6c14d2899b638880b25bf1c35973ed1c9cf6fcb99331447e3da7c2478124c7 The package's main is an ARM ELF binary that, when loaded, mkdtemp's a working directory under /dev/shm/.cxpher.XXXXXX or /tmp/.cxpher.XXXXXX, writes...
MLFlow Creates a Temporary File With Insecure Permissions
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
GHSA-F2M9-WCF4-CWWX MLFlow Creates a Temporary File With Insecure Permissions
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
CVE-2026-4137
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
Linux Distros Unpatched Vulnerability : CVE-2026-41051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. CVE-2026-41051 Note...
Path Traversal
github.com/dgraph-io/dgraph is vulnerable to Path Traversal. The vulnerability is due to improper validation of the dagRunId request field passed into filepath.Join, which allows an attacker to exploit directory traversal using values such as .. and trigger unintended deletion of system temporary...
EUVD-2026-29920
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
DEBIAN-CVE-2026-41051
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
UBUNTU-CVE-2026-41051
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
CVE-2026-41051
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
CVE-2026-41051
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...