15894 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: pytorch (CVE-2024-5187)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5187 advisory. - A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows...

CVSS 8.8 | AI score 6.3 | EPSS 0.01178
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 8 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38090)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38090 advisory. - In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/riocm.c: prevent possibl...

CVSS 5.5 | AI score 5.3 | EPSS 0.0015
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: pytorch (CVE-2024-7776)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7776 advisory. - A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16....

CVSS 9.1 | AI score 6 | EPSS 0.01368
Exploits: 1 | References: 2

ATTACKERKB
added 2026/01/21 10:20 p.m., 4 views

CVE-2026-23986

Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

CVSS 7.1 | AI score 5.5 | EPSS 0.00224
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/01/21 10:19 p.m., 5 views

GHSA-4FQP-R85R-HXQH Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write to arbitrary directories outside the...

CVSS 7.1 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 5

Github Security Blog
added 2026/01/21 10:19 p.m., 12 views

Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write to arbitrary directories outside the...

CVSS 7.1 | AI score 5.8 | EPSS 0.00224
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/01/21 11:8 a.m., 3 views

SUSE-SU-2026:20116-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...

CVSS 8.4 | AI score 7 | EPSS 0.01008
Exploits: 4 | References: 7

OSV
added 2026/01/21 11:8 a.m., 3 views

SUSE-SU-2026:20103-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...

CVSS 8.4 | AI score 5.9 | EPSS 0.01008
Exploits: 4 | References: 7

SUSE CVE
added 2026/01/21 12:20 a.m., 5 views

SUSE CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVSS 8.2 | AI score 5.6 | EPSS 0.00308
Exploits: 2 | References: 3

OSV
added 2026/01/20 5:21 p.m., 5 views

GHSA-2657-3C98-63JQ esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages

Summary The commit does not actually fix the path traversal bug. path.Clean basically normalizes a path but does not prevent absolute paths in a malicious tar file. PoC This test file can demonstrate the basic idea pretty easily: go package server import "archive/tar" "bytes" "compress/gzip"...

CVSS 8.7 | AI score 6.2 | EPSS 0.00476
Exploits: 1 | References: 7

Github Security Blog
added 2026/01/20 5:21 p.m., 10 views

esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages

Summary The commit does not actually fix the path traversal bug. path.Clean basically normalizes a path but does not prevent absolute paths in a malicious tar file. PoC This test file can demonstrate the basic idea pretty easily: go package server import "archive/tar" "bytes" "compress/gzip"...

CVSS 8.7 | AI score 6.2 | EPSS 0.00476
Exploits: 1 | References: 7 | Affected Software: 1

RedhatCVE
added 2026/01/20 5:8 a.m., 8 views

CVE-2026-23950

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

CVSS 8.8 | AI score 5.5 | EPSS 0.00153
Exploits: 1 | References: 5

Snyk
added 2026/01/20 1:45 a.m., 4 views

Improper Handling of Unicode Encoding

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode...

CVSS 8.8 | AI score 5.8 | EPSS 0.00153
Exploits: 1 | References: 3

Snyk
added 2026/01/20 1:45 a.m., 5 views

Improper Handling of Unicode Encoding

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode normalization collisions ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00153
Exploits: 1 | References: 3

NVD
added 2026/01/20 1:15 a.m., 5 views

CVE-2026-23950

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | EPSS 0.00153
Exploits: 1 | References: 2

OSV
added 2026/01/20 1:15 a.m., 5 views

DEBIAN-CVE-2026-23950

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 5.9 | AI score 5.7 | EPSS 0.00153
Exploits: 1 | References: 1

CVE
added 2026/01/20 12:40 a.m., 67 views

CVE-2026-23950

Summary of CVE-2026-23950 (node-tar): A race condition in node-tar’s path-reservations on macOS APFS/HFS+ enables parallel processing of conflicting Unicode paths (e.g., “ß” vs “ss”), bypassing internal locks and allowing an Arbitrary File Overwrite. Affected are node-tar versions up to 7.5.3; ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00153
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/20 12:40 a.m., 26 views

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | EPSS 0.00153
Exploits: 1 | References: 2

AlpineLinux
added 2026/01/20 12:40 a.m., 4 views

CVE-2026-23950

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | AI score 5.8 | EPSS 0.00153
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/20 12:40 a.m., 2 views

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | AI score 5.8 | EPSS 0.00153
Exploits: 1 | References: 2