861 matches found
Important: Red Hat Security Advisory: postfix security update
An update for postfix is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
postfix: buffer over-read via malformed enhanced status code
A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...
RHSA-2026:25932 Red Hat Security Advisory: postfix security update
Bulletin has no description...
SUSE CVE-2026-49982
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....
GHSA-7C78-JF6Q-G5CM tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template
Summary The assertPath guard added to [email protected] rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'..' returns falsy but whose stringification still contains ../...
postfix: buffer over-read via malformed enhanced status code
A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...
Important: Red Hat Security Advisory: postfix security update
An update for postfix is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: postfix security update
An update for postfix is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
postfix: buffer over-read via malformed enhanced status code
A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...
ALSA-2026:25930 Important: postfix security update
The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...
RHEL 10 : postfix (RHSA-2026:25930)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25930 advisory. The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buff...
Linux Distros Unpatched Vulnerability : CVE-2026-44705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the...
CVE-2026-44705
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....
UBUNTU-CVE-2026-44705
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....
CVE-2026-49982 tmp: Type-confusion bypass of _assertPath in [email protected] allows path traversal via non-string prefix/postfix/template
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....
CVE-2026-49982
The CVE concerns the node-tmp package (tmp) used by Node.js apps. In v0.2.6, a guard in the _assertPath function rejects only string values containing the substring "..", but the bypass occurs when prefix/postfix/template are provided as non-string values (e.g., Array, Buffer, or objects) whose i...
CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....
CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....
PT-2026-48678
Name of the Vulnerable Software and Affected Versions tmp version 0.2.6 Description A type-confusion issue exists in the assertPath guard. The guard only rejects string values containing the substring .., allowing it to be bypassed when prefix, postfix, or template are supplied as non-string valu...
MGASA-2026-0192 Updated postfix packages fix security vulnerability
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number. CVE-2026-43964...