
8 matches found

OSV
added 2026/04/30 1:23 p.m., 1 view

OPENSUSE-SU-2026:20655-1 Security update for helm

This update for helm fixes the following issues: Update to version 3.20.2. Security issues fixed: - CVE-2025-55199: specially crafted JSON Schema can lead to out of memory (OOM) termination bsc1248093. - CVE-2026-35206: specially crafted Chart will have contents extracted to immediate output...

CVSS: 6.5, AI score: 6.8, EPSS: 0.0002
Exploits: 0, References: 4
OSV
added 2026/04/30 1:22 p.m., 2 views

SUSE-SU-2026:21461-1 Security update for helm

This update for helm fixes the following issues: Update to version 3.20.2. Security issues fixed: - CVE-2025-55199: specially crafted JSON Schema can lead to out of memory (OOM) termination bsc1248093. - CVE-2026-35206: specially crafted Chart will have contents extracted to immediate output...

CVSS: 6.5, AI score: 6.8, EPSS: 0.0002
Exploits: 0, References: 5
GitHub Security Blog
added 2026/04/08 3:0 p.m., 2 views

rfc3161-client Has Improper Certificate Validation

Summary: An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0001
Exploits: 1, References: 5, Affected Software: 1
Tenable Nessus
added 2025/12/26 12:0 a.m., 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python3 (UTSA-2025-992146)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992146 advisory. When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00541
Exploits: 1, References: 4
OSV
added 2025/06/03 1:15 p.m., 4 views

AZL-62298 CVE-2025-4435 affecting package python3 3.9.19-19

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00541
Exploits: 1, References: 1
SUSE CVE
added 2023/02/15 6:13 a.m., 1 view

SUSE CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in...

CVSS: 4, AI score: 7.1, EPSS: 0.10442
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 3:25 a.m., 2 views

SUSE CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected...

CVSS: 6.6, AI score: 7, EPSS: 0.92793
Exploits: 12, References: 4
CNNVD
added 2022/12/27 12:0 a.m., 2 views

go-unzip Path Traversal Vulnerability

Package go-unzip is a very simple library from the personal developer Dariusz Prząda. It is used to extract zip archives. A path traversal vulnerability exists in go-unzip, which stems from an incorrect path, where an archive containing relative file paths may cause files to be written or...

CVSS: 9.1, AI score: 8.1, EPSS: 0.00612
Exploits: 1, References: 5