16 matches found
openSUSE 16 Security Update : micropython (openSUSE-SU-2026:20199-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20199-1 advisory. Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in mpmaplookup via mpimportall bsc1257803. - Version 1.26.1 esp32: update esptinyusb...
CVE-2025-69263
CVE-2025-69263 affects the pnpm package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without an integrity hash, enabling a remote server to serve different content on each install. An attacker publishing a package with an HTTP tarba...
UBUNTU-CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
Slackware Advisory SSA:2005-251-01 kcheckpass in kdebase
The remote host is missing an update as announced via advisory SSA:2005-251-01. OpenVAS Vulnerability Test $Id: esoftslkssa200525101.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
Slackware: Security Advisory (SSA:2005-251-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200404-01 (Portage)
The remote host is missing updates announced in advisory GLSA 200404-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Slackware 10.0 / 10.1 / current : kcheckpass in kdebase (SSA:2005-251-01)
New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges. %NASLMINLEVEL 70300 ...
kcheckpass in kdebase
New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges. For more details abo...
CVE-2004-1901
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles...
CVE-2004-1901
Portage (Gentoo) vulnerability CVE-2004-1901: Portage before 2.0.50-r3 allows a local attacker to overwrite arbitrary files via a hard link attack on the lockfiles. This is a local-privilege issue tied to the lockfile handling. Affected software is Portage; the root cause is the hard link attack ...
CVE-2004-1901
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles...
PT-2004-2799 · Gentoo · Portage
Name of the Vulnerable Software and Affected Versions: Portage versions prior to 2.0.50-r3 Description: The issue allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. This is a result of a hard link attack vulnerability in the lockfiles of Portage...
Insecure sandbox temporary lockfile vulnerabilities in Portage
Background Portage is Gentoo's package management system which is responsible for installing, compiling and updating any ebuilds on the system through the Gentoo rsync tree. Under default configurations, most ebuilds run under a sandbox which prevents the build process writing to the "real" system...
sol2.51-6.lockfiles.txt
Date: Wed, 21 Oct 1998 20:22:38 +0200 From: Joel Eriksson To: [email protected] Subject: License Manager's lockfiles Solaris 2.5.1 License Manager on Solaris 2.5.1 tends to make stupid lockfiles owned by root and mode 666 worldwrite'able. That is not good, since anyone could create rootowned...
Solaris 2.5.1 - License Manager
source: https://www.securityfocus.com/bid/461/info The Solaris License Manager that ships with versions 2.5.1 and 2.6 is vulnerable to multiple symlink attacks. License Manager creates lockfiles owned by root and set mode 666 which it writes to regularly. It follows symlinks. bash$ ls -l...
Solaris 2.5.1 - License Manager
Solaris 2.5.1 - License Manager source: https://www.securityfocus.com/bid/461/info The Solaris License Manager that ships with versions 2.5.1 and 2.6 is vulnerable to multiple symlink attacks. License Manager creates lockfiles owned by root and set mode 666 which it writes to regularly. It follo...