RHEL 9 : opentelemetry-collector (RHSA-2026:19721)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19721 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host litera...

RHEL 9 : opentelemetry-collector (RHSA-2026:19720)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19720 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host litera...

ALSA-2026:19135 Important: opentelemetry-collector security update

Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path...

ALSA-2026:19350 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang:...

RLSA-2026:11711 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

RLSA-2026:11507 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

RockyLinux 10 : golang (RLSA-2026:10217)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10217 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

Important: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

GHSA-74M3-9QVM-RP9H zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

Linux Distros Unpatched Vulnerability : CVE-2026-35349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than...

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

CVE-2025-69430

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...

CVE-2025-69429

The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...

MiracleLinux 9 : nano-5.6.1-6.el9 (AXSA:2024-9155:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9155:02 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...

Slackware: Security Advisory (SSA:2009-111-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...