Lucene search

10 matches found

NVD
added 2026/03/20 8:16 a.m. | 3 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVSS 6.5 | EPSS 0.00019
Exploits: 1 | References: 2
Snyk
added 2026/02/17 4:14 p.m. | 3 views

Exposure of Information Through Directory Listing

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVSS 7.5 | AI score 5.7 | EPSS 0.00123
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-24465

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 7 | EPSS 0.00052
Exploits: 0 | References: 10
RedHat Linux
added 2024/01/24 9:59 a.m. | 1 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

CVSS 9.8 | AI score 7.5 | EPSS 0.31766
Exploits: 3 | References: 7
SUSE CVE
added 2023/02/15 3:30 a.m. | 2 views

SUSE CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 8.2 | EPSS 0.00069
Exploits: 0 | References: 4
Prion
added 2020/06/30 12:15 p.m. | 16 views

Design/Logic Flaw

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

CVSS 7.2 | AI score 7.6 | EPSS 0.00109
Exploits: 1 | References: 9 | Affected Software: 1
BDU FSTEC
added 2020/04/06 12:0 a.m. | 1 views

The vulnerability of the pg_ctlcluster script in the postgresql-common package involves insecure privilege management. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the pg_ctlcluster script in the postgresql-common package is related to an access rights rollback error during the creation of temporary directories for sockets/stats. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrit...

CVSS 7.8 | EPSS 0.00118
Exploits: 1 | References: 13 | Affected Software: 5
OSV
added 2017/04/20 6:33 p.m. | 7 views

USN-3261-1 qemu vulnerabilities

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. CVE-2016-10028, CVE-2016-10029 Li Qiang discovered...

CVSS 9.9 | AI score 7.1 | EPSS 0.0241
Exploits: 1 | References: 38
Tenable Nessus
added 2015/06/18 12:0 a.m. | 22 views

PHP 5.4.x < 5.4.40 / 5.5.x < 5.5.24 / 5.6.x < 5.6.8 'php_sdl.c' WSDL Injection

Binary data 8789.prm...

CVSS 4.6 | AI score 7.3 | EPSS 0.00052
Exploits: 0 | References: 4
Tenable Nessus
added 2000/10/14 12:0 a.m. | 22 views

Anaconda Foundation Directory apexec.pl template Parameter Traversal Arbitrary File Retrieval

The remote Anaconda Foundation Directory contains a flaw that allows anyone to read arbitrary files with root super-user privileges, by embedding a null byte in a URL.

CVSS 5 | AI score 5.7 | EPSS 0.06958
Exploits: 0 | References: 3