132 matches found
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
osbuild-composer security update
An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...
TencentOS Server 4: perl-Archive-Tar (TSSA-2026:0424)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0424 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2026-10621
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-41567
CVE-2026-41567 affects Docker Engine and Moby earlier than 29.5.1 / moby/moby v2 before v2.0.0-beta.14. When uploading a compressed archive to a container via PUT /containers/{id}/archive or piping with docker cp -, the daemon resolves decompression binaries from the container filesystem rather t...
CVE-2026-11195
Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Jenkins Credentials Binding Plugin 路径遍历漏洞
The Jenkins Credentials Binding Plugin is an open-source plugin developed by Jenkins that binds secure credentials stored in Jenkins to environment variables during build processes. The Jenkins Credentials Binding Plugin versions 719.v80e905ef14eb and earlier have a path traversal vulnerability...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Untar and Unzip functions in pkg/archive/archive.go. An attacker can overwrite arbitrary files on the filesystem by crafting a malicious tar or zip archive containing directory traversal sequences and trickin...
CVE-2026-28483
...
CVE-2025-13462
The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
EUVD-2026-10496
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
SUSE-SU-2026:20629-1 Security update for go1.24-openssl
This update for go1.24-openssl fixes the following issues: - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc1251255 - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. bsc1251253 -...
Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...
SUSE CVE-2026-26158
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
PT-2026-5940
Name of the Vulnerable Software and Affected Versions Articentgroup Zip Rar Extractor Tool version 1.345.93.0 Description The Articentgroup Zip Rar Extractor Tool is susceptible to a Directory Traversal issue. This flaw is located within the ZIP file processing component, specifically in the part...
GHSA-6R62-W2Q3-48HF BentoML has a Path Traversal via Bentofile Configuration
Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...
MiracleLinux 8 : git-2.31.1-3.el8 (AXSA:2023-4991:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4991:01 advisory. git: gitattributes parsing integer overflow CVE-2022-23521 git: Heap overflow in git archive, git log --format leading to RCE CVE-2022-41903 Tenable...
OESA-2026-1093 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...
MiracleLinux 4 : php-5.3.2-6.AXS4.1 (AXSA:2011-39:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-39:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...