CVE-2026-40090

Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...

OpenClaw: Reject symlinks in local skill packaging script

Vulnerability skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory containing symlinks to files outside the skill root, the...

PT-2026-21336

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.17 and earlier Description OpenClaw, a personal AI assistant, contains an issue in the skills/skill-creator/scripts/package skill.py script. This script previously followed symbolic links when creating .skill archives...

Oracle MySQL Server 8.4.x < 8.4.8 (January 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Docker Images SQLite. Supported versions that are affected are...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2025-984858)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984858 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior an...

UBUNTU-CVE-2025-21543

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

Rollup 跨站脚本漏洞

Rollup is an open source module packager for JavaScript by Rollup. A cross-site scripting vulnerability exists in Rollup prior to version 4.22.4, which arises from the introduction of cross-site scripting code during certain packaging operations...

SUSE CVE-2017-3265

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure...

SUSE CVE-2019-2536

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MyS...

mysql: Server: Packaging unspecified vulnerability (CPU Apr 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...

UBUNTU-CVE-2021-2307

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...

ALPINE-CVE-2020-8032

A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions...

Security update for privoxy (moderate)

openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0017-1 Rating: moderate References: 1157449 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the followin...

CVE-2020-8024

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to...

UBUNTU-CVE-2020-8024

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to...

pcp: Local privilege escalation in pcp spec file %post section

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

CVE-2019-3695

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MyS...

mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MyS...

Oracle MySQL Server Local Vulnerability (CNVD-2017-34511)

Oracle MySQL Server is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost, good reliability and so on. A security vulnerability exists in the Server: Packaging subcomponent of the MySQL Server component in Oracle...