37 matches found
DEBIAN-CVE-2026-25707
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...
CVE-2026-25707
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...
UBUNTU-CVE-2026-25707
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...
CVE-2026-25707
Summary of vulnerability (CVE-2026-25707) : A relative path traversal in libzypp’s repository metadata processing (prior to version 17.38.10) could allow remote repository authors to overwrite local files, potentially leading to denial of service or privilege escalation. Connected advisories indi...
SUSE SLED15: libsolv-devel / libsolv-tools / libsolv-tools-base / libzypp / etc (SUSE-SU-2026:2575-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2575-1 advisory. This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in...
SUSE SLED15: libsolv-devel / libsolv-tools / libsolv-tools-base / libzypp / etc (SUSE-SU-2026:2590-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2590-1 advisory. This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in...
SUSE SLED15: libsolv-devel / libsolv-tools / libsolv-tools-base / libzypp / etc (SUSE-SU-2026:2531-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2531-1 advisory. This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in...
SUSE-SU-2026:2575-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in libsolv repoaddsolv via negative maxsize from crafted .solv file bsc1265935. - CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512...
SUSE-SU-2026:22221-1 Security update for zypper, libzypp, libsolv
This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available jscPED-13680, jscPED-15607 On a transactional system where the root filesystem is mounted read-only, zyppe...
SUSE-SU-2026:21988-1 Security update for libzypp, libsolv
This update for libzypp, libsolv fixes the following issues: libsolv was updated to 0.7.39: - fix solvchksumfree segfault when called with a NULL pointer - made repoaddsolv more robust against corrupt files bsc1265935 CVE-2026-9149 - fix potential buffer overflow when verifying EdDSA signatures...
Command Injection
Overview @wdio/browserstack-service is a WebdriverIO service for better Browserstack integration Affected versions of this package are vulnerable to Command Injection via the getGitMetadataForAISelection function. An attacker can execute arbitrary commands on the host system by supplying a...
Vulnerabilities fixed in GitLab
GitLab fixed vulnerabilities in versions 18.9.2, 18.8.6 and 18.7.6 The vulnerabilities included several issues, including incorrect authorization checks that allowed authenticated users to access sensitive data, such as metadata from private repositories, and enabling denial-of-service situations...
MiracleLinux 8 : librepo-1.11.0-3.el8 (AXSA:2020-543:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-543:01 advisory. librepo: missing path validation in repomd.xml may lead to directory traversal CVE-2020-14352 CVE-2020-14352: A flaw was found in librepo in versions before...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2025-67844
The Mintlify Platform’s GitHub Integration API (pre-2025-11-15) fails to validate that configured repository owner/name belong to the user’s GitHub App Installation ID, enabling disclosure of sensitive repository metadata. Multiple sources corroborate the issue and cite the same root cause in the...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
PT-2025-52405
Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description The GitHub Integration API in Mintlify Platform has an issue where it does not properly validate the repository owner and name fields during configuration. This allows remote attackers...