9 matches found
CVE-2026-24137
sigstore framework is a common Go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
K01730454: Ruby vulnerabilities CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, and CVE-2017-0902
Security Advisory Description CVE-2017-0899 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. CVE-2017-0900 RubyGems version 2.6.12 and earlie...
Security update for singularity (important)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1770-1 Rating: important References: 1177901 Cross-References: CVE-2020-15229 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
ALPINE-CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
SearchBlox contains multiple vulnerabilities
Overview SearchBlox contains multiple vulnerabilities that can allow an unauthenticated attacker to overwrite critical data on the filesystem, read cleartext user credentials, or execute arbitrary code on a vulnerable system. Description SearchBlox versions 7.4 Build 1 and older contain multiple...
GLSA-200412-11 : Cscope: Insecure creation of temporary files
The remote host is affected by the vulnerability described in GLSA-200412-11 Cscope: Insecure creation of temporary files Cscope creates temporary files in world-writable directories with predictable names. Impact: A local attacker could create symbolic links in the temporary files directory,...
GLSA-200409-32 : getmail: Filesystem overwrite vulnerability
The remote host is affected by the vulnerability described in GLSA-200409-32 getmail: Filesystem overwrite vulnerability David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious local...
getmail: Filesystem overwrite vulnerability
Background getmail is a reliable fetchmail replacement that supports Maildir, Mboxrd and external MDA delivery. Description David Watson discovered a vulnerability in getmail when it is configured to run as root and deliver mail to the maildirs/mbox files of untrusted local users. A malicious loc...