Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: aide (UTSA-2025-991233)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991233 advisory. AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft...

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

SUSE CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVE-2025-54389

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

AZL-66434 CVE-2025-54389 affecting package aide for versions less than 0.16-17

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

DEBIAN-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

PT-2025-33306

Name of the Vulnerable Software and Affected Versions: AIDE versions prior to 0.19.2 Description: AIDE is susceptible to an improper output neutralization issue. An attacker can create a malicious filename containing terminal escape sequences to conceal file additions or removals from reports and...

rsync: --safe-links option bypass leads to path traversal

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

Updated libreoffice packages fix security vulnerabilities

Improper input validation enabling arbitrary Gstreamer pipeline injection. CVE-2023-6185 Link targets allow arbitrary script execution. CVE-2023-6186...

CVE-2023-6186 Link targets allow arbitrary script execution

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

GHSA-47WR-426J-FR82 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer

Impact Users unpacking a tarball through dbdeployer may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defences. Mitigating factors For the...

PT-2021-14703 · Jenkins · Jenkins Markdown Formatter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Markdown Formatter Plugin versions 0.1.0 and earlier Description: The issue results from the plugin's failure to sanitize crafted link target URLs, leading to a stored cross-site scripting XSS vulnerability. This vulnerability can be...

Jenkins 跨站脚本漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

CVE-2019-20903

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...

CVE-2019-20903

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...

Design/Logic Flaw

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code c...

Code injection

Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message...

CVE-2013-1299

CVE-2013-1299 affects Microsoft Windows Modern Mail. The vulnerability allows remote attackers to spoof link targets in crafted HTML e-mails due to improper handling of link targets, enabling phishing-like deception. Affected component is Windows Modern Mail; underlying cause is spoofable link ta...