GHSA-6P45-JV22-32GP vulnerabilities

Vulnerabilities for packages: ocaml...

USN-8256-1 opam vulnerability

Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...

[SECURITY] Fedora 43 Update: opam-2.5.1-1.fc43

Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...

opam 安全漏洞

OPAM is an open-source source code manager for the OCaml language developed by OCaml. Versions of OPAM prior to 2.5.1 contained security vulnerabilities. These vulnerabilities stemmed from the ability to access parent directories using "../ in the .install field, which could lead to path traversa...

Linux Distros Unpatched Vulnerability : CVE-2026-41082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082 Note that Nessus relies o...

CVE-2026-28364 affecting package ocaml for versions less than 4.13.1-3

CVE-2026-28364 affecting package ocaml for versions less than 4.13.1-3. A patched version of the package is available...

CVE-2026-34353 affecting package ocaml for versions less than 4.13.1-3

CVE-2026-34353 affecting package ocaml for versions less than 4.13.1-3. An upgraded version of the package is available that resolves this issue...

CVE-2026-28364 affecting package ocaml for versions less than 5.1.1-2

CVE-2026-28364 affecting package ocaml for versions less than 5.1.1-2. A patched version of the package is available...

openSUSE Security Advisory (SUSE-SU-2026:0830-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:0800-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2024:10587-1 ocaml-4.12.1-1.1 on GA media

These are all security issues fixed in the ocaml-4.12.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10222-1 ocaml-4.03.0-1.3 on GA media

These are all security issues fixed in the ocaml-4.03.0-1.3 package on the GA media of openSUSE Tumbleweed...

Mageia: Security Advisory (MGASA-2019-0124)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 26 : ocaml (2017-64f47504e4)

Fix: ocaml: Insufficient sanitisation allows privilege escalation for setuid binaries CVE-2017-9772 RHBZ1464920. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...