
24 matches found

RedHat Linux
added 2026/05/29 7:2 a.m., 20 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.63 security and extras update

Red Hat OpenShift Container Platform release 4.16.63 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of...

CVSS 9.1, AI score 5.9, EPSS 0.00522
Exploits 3, References 5

OSV
added 2026/05/21 4:30 p.m., 16 views

RLSA-2026:3752 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: crypto/x50...

CVSS 7.5, AI score 7.1, EPSS 0.00765
Exploits 4, References 5

Tenable Nessus
added 2026/03/13 12:0 a.m., 6 views

TencentOS Server 3: go-toolset:rhel8 (TSSA-2026:0170)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0170 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 10, AI score 6, EPSS 0.00765
Exploits 2, References 5

RedHat Linux
added 2026/03/04 3:52 p.m., 9 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

CVSS 10, AI score 6.7, EPSS 0.00765
Exploits 4, References 5

OSV
added 2026/02/24 6:54 p.m., 9 views

RLSA-2026:2920 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...

CVSS 8.1, AI score 5.6, EPSS 0.00765
Exploits 5, References 6

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8540:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8540:01 advisory. golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped...

CVSS 9.8, AI score 8.5, EPSS 0.01952
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-51814

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.2, EPSS 0.00241
Exploits 0, References 9

SUSE Linux
added 2025/08/29 3:14 p.m., 4 views

Security update for python

This update for python fixes the following issues: CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...

CVSS 7.1, AI score 7, EPSS 0.00611
Exploits 0, References 4

OpenVAS
added 2025/04/24 12:0 a.m., 11 views

Ubuntu: Security Advisory (USN-7454-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 4.3, EPSS 0.00329
Exploits 2, References 2

Cvelist
added 2025/03/21 12:0 a.m., 13 views

CVE-2025-30343

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file o...

CVSS 3, EPSS 0.00442
Exploits 1, References 1

Vulnrichment
added 2025/03/21 12:0 a.m., 24 views

CVE-2025-30343

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file o...

CVSS 3, AI score 6.8, EPSS 0.00442
Exploits 1, References 1

OSV
added 2025/03/02 2:15 a.m., 11 views

CVE-2025-25724

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...

CVSS 7.8, AI score 7.4
Exploits 0, References 3

CVE
added 2025/03/02 12:0 a.m., 308 views

CVE-2025-25724

CVE-2025-25724 affects libarchive up to 3.7.7. The issue is in tar/util.c: list_item_verbose does not check the return value of strftime, which can enable a denial of service or other impact when reading a crafted TAR with verbose=2, potentially impacted by locale-specific buffer sizing. Connecte...

CVSS 7.8, AI score 7.2, EPSS 0.00329
Exploits 1, References 3, Affected Software 1

OSV
added 2025/02/16 4:15 a.m., 11 views

CVE-2024-57970

libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname...

CVSS 4, AI score 6.9
Exploits 0, References 2

Tenable Nessus
added 2024/11/07 12:0 a.m., 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2024:3923-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3923-1 advisory. - CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of th...

CVSS 8.1, AI score 7.4, EPSS 0.00492
Exploits 0, References 4

Ubuntu
added 2024/10/31 8:55 a.m., 240 views

USN-7087-1: libarchive vulnerability

It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitra...

CVSS 7.3, AI score 7.4, EPSS 0.03154
Exploits 0

Positive Technologies
added 2024/02/02 12:0 a.m., 6 views

PT-2024-20695 · Xenforo · Xenforo

Name of the Vulnerable Software and Affected Versions: XenForo versions prior to 2.2.14 Description: The issue allows Directory Traversal with write access by an authenticated user who has permissions to administer styles. This is possible when using a ZIP archive for Styles Import...

CVSS 8.1, AI score 6.4, EPSS 0.0102
Exploits 0, References 8

OSV
added 2024/01/10 8:38 a.m., 5 views

SUSE-SU-2024:0071-1 Security update for tar

This update for tar fixes the following issues: - CVE-2023-39804: Incorrectly handled extension attributes in PAX archives can lead to a crash (bsc#1217969)...

CVSS 6.2, AI score 6.2, EPSS 0.00283
Exploits 0, References 3

Vulnrichment
added 2023/06/09 12:0 a.m., 13 views

CVE-2023-0342 MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12...

CVSS 3.1, AI score 5.3, EPSS 0.00891
Exploits 2, References 2

RedHat Linux
added 2022/01/25 9:28 a.m., 1 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

CVSS 8.6, AI score 7.4, EPSS 0.0185
Exploits 0, References 6