14 matches found

Tenable Nessus
added 2026/04/25 12:0 a.m. · 6 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-40706)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40706 advisory. - In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in...

8.4 CVSS · 5.8 AI score · 0.00165 EPSS
Exploits: 0 · References: 1

NVD
added 2026/04/21 10:16 p.m. · 4 views

CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when...

8.4 CVSS · 0.00165 EPSS
Exploits: 0 · References: 6

OSV
added 2026/04/21 12:0 p.m. · 1 views

UBUNTU-CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when...

8.4 CVSS · 6 AI score · 0.00165 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. · 3 views

MiracleLinux 7 : rh-php73-php-7.3.20-1.el7 (AXSA:2020-958:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-958:01 advisory. php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045) php: Information...

9.1 CVSS · 7.6 AI score · 0.08888 EPSS
Exploits: 13 · References: 15

Tenable Nessus
added 2026/01/14 12:0 a.m. · 4 views

MiracleLinux 3 : automake-1.9.6-2.3.AXS3 (AXSA:2010-175:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-175:01 advisory. Automake is a tool for automatically generating `Makefile.in` files compliant with the GNU Coding Standards. You should install Automake if you are developing...

4.4 CVSS · 5.5 AI score · 0.00477 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-3197

Malicious code in bioql PyPI...

5.3 CVSS · 5.8 AI score · 0.00958 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/11 3:42 p.m. · 7 views

CVE-2025-53652

Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters...

8.2 CVSS · 7.1 AI score · 0.00618 EPSS
Exploits: 1 · References: 1

RedHat Linux
added 2025/03/04 2:39 p.m. · 6 views

jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines

A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...

8 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2024/11/13 12:0 a.m. · 7 views

PT-2024-35372 · Jenkins · Jenkins Pipeline: Groovy Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 3990.vd281dd77a_388 and earlier, except version 3975.3977.v478dd9e956c3. Description: The issue allows attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no...

8 CVSS · 6.2 AI score · 0.0044 EPSS
Exploits: 1 · References: 8

OSV
added 2022/02/18 12:15 a.m. · 3 views

CVE-2021-41599

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

8.8 CVSS · 7.8 AI score · 0.0214 EPSS
Exploits: 0 · References: 3

OSV
added 2022/01/13 9:15 p.m. · 1 views

DEBIAN-CVE-2022-21682

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the...

6.5 CVSS · 7 AI score · 0.01712 EPSS
Exploits: 0 · References: 1

OSV
added 2020/05/06 4:50 p.m. · 3 views

DRUPAL-CONTRIB-2020-013

The Webform module allows site builders to create forms. The module doesn't sufficiently prevent malicious code from being rendered via an options element (i.e. select menu, checkboxes, radios, etc.) under the scenario where the site builder allows the raw option value to be displayed. This...

6.9 AI score
Exploits: 0 · References: 1

RedHat Linux
added 2015/08/20 7:25 p.m. · 3 views

OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods

An improper permission check issue was discovered in the server admission control component in OpenShift. A user with build permissions could use this flaw to execute arbitrary shell commands on a build pod with the privileges of the root user...

8.5 CVSS · 6.1 AI score · 0.02668 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2013/09/24 6:1 p.m. · 4 views

Puppet: Local Privilege Escalation/Arbitrary Code Execution

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to rea...

3.6 CVSS · 5.8 AI score · 0.00381 EPSS
Exploits: 0 · References: 5