ROOT-OS-UBUNTU-2404-CVE-2024-50106 CVE-2024-50106 in rootio-linux - Patched by Root

Root has patched CVE-2024-50106 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-APP-NPM-GHSA-8H8Q-6873-Q5FJ GHSA-8h8q-6873-q5fj in @rootio/next - Patched by Root

Root has patched GHSA-8h8q-6873-q5fj in the @rootio/next package for Root:npm. Multiple fixed versions available...

PT-2026-50147

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...

ROOT-APP-NUGET-CVE-2026-40894 CVE-2026-40894 in Rootio.OpenTelemetry.Api - Patched by Root

Root has patched CVE-2026-40894 in the Rootio.OpenTelemetry.Api package for Root:NuGet. Multiple fixed versions available...

SUSE CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

CVE-2026-24131

CVE-2026-24131 concerns pnpm, a package manager. Before version 10.28.2, processing a package’s directories.bin field could join a path without ensuring it stayed under the package root, enabling a crafted package to escape the package and chmod files at arbitrary locations on Unix-like systems. ...

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...

pnpm has Path Traversal via arbitrary file permission modification

Summary When pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory, causing pnpm to chmod 755 files at arbitrary...

GHSA-M733-5W8F-5GGW pnpm has symlink traversal in file:/git dependencies

Summary When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, /.ssh/idrsa causes pnpm to copy that file's contents...

pnpm has symlink traversal in file:/git dependencies

Summary When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, /.ssh/idrsa causes pnpm to copy that file's contents...

PT-2026-4829

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.2 Description pnpm, a package manager, is susceptible to a file permission issue when processing the directories.bin field within a package. A malicious npm package can manipulate this field, specifically by using...

EUVD-2002-1269

Malware in sbrugna...

CVE-2004-0395

The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call...

CVE-2004-0395

The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call...

[SECURITY] New versions of Debian traceroute packages

---------------------------------------------------------------------------- Debian Security Advisory [email protected] http://www.debian.org/security/ Daniel Jacobowitz October 13, 2000 - ---------------------------------------------------------------------------- Package: traceroute...