7 matches found
CLSA-2025-1754940060 Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835
SECURITY UPDATE: multiple vulnerabilities in Gitk and Git GUI - debian/patches/CVE-2025-27614CVE-2025-27613CVE-2025-46835.patch: Prevent script execution via specially crafted filenames in Gitk. Sanitize filename handling to avoid unintended file creation/truncation. Validate directory names in G...
CLSA-2025-1754648405 Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835
SECURITY UPDATE: potential file creation/truncation when cloning untrusted repository in gitk - debian/patches/CVE-2025-27613CVE-2025-27614CVE-2025-46835.patch: improve dark mode support, remove hard-coded colors in ttext calls and use colors from the theme for text widgets via Text.Background an...
CVE-2021-37347
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument...
SUSE CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...
CVE-2021-37347
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument...
CentOS 8 : openssh (CESA-2019:3702)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3702 advisory. - openssh: scp client improper directory name validation CVE-2018-20685 - openssh: Missing character encoding in progress display allows for spoofing o...
Debian: Security Advisory (DSA-4387-2)
The remote host is missing an update for the Debian...