SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:1862-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1862-1 advisory. This update for go1.25 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling...

CVE-2025-68428 jsPDF has Local File Inclusion/Path Traversal vulnerability

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file...

CVE-2025-68428 jsPDF has Local File Inclusion/Path Traversal vulnerability

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file...

PYSEC-2024-213

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...

SUSE CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

GHSA-VP49-2G4R-M3X3 SaltStack Salt is vulnerable Arbitrary Directory Access

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

Arbitrary Directory Access

salt allows arbitrary directory access. The salt-master process in ClearFuncs class allows access to some methods that improperly sanitize paths and the methods allow authenticated users to access arbitrary directories...

CVE-2018-10860

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary...

DEBIAN-CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

UBUNTU-CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

Gentoo Security Advisory GLSA 200408-17 (rsync)

The remote host is missing updates announced in advisory GLSA 200408-17. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...