40 matches found
EUVD-2021-22573
Malware in sbrugna...
EUVD-2023-53943
Malicious code in bioql PyPI...
CVE-2025-54798 tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...
CVE-2025-54798
CVE-2025-54798 concerns the tmp package for Node.js. In versions 0.2.3 and earlier, it is vulnerable to arbitrary temporary file and directory writes via the symbolic link dir parameter. The issue is fixed in version 0.2.4; users should upgrade to 0.2.4 or later to mitigate. The connected IBM bul...
CVE-2025-3046
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
GNU GRUB Buffer Overflow Vulnerability (CNVD-2025-08310)
GNU GRUB is a Linux system boot program from the GNU community. A buffer overflow vulnerability exists in GNU GRUB. The vulnerability stems from the romsfs module containing an integer overflow issue when handling symbolic links, resulting in a heap-based out-of-bounds write when reading data. No...
Linux Distros Unpatched Vulnerability : CVE-2021-41072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has...
Important: rsync
Issue Overview: A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data...
CVE-2024-12088
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...
CVE-2024-12088 Rsync: --safe-links option bypass leads to path traversal
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...
CVE-2024-12088
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...
K000149073: PostgreSQL vulnerabilities CVE-2021-3393, CVE-2015-5289, and CVE-2017-8806
Security Advisory Description CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose...
RHEL 6 : rpm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...
RHEL 7 : rpm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...
Medium: rpm
Issue Overview: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data...
CentOS 8 : rpm (CESA-2024:0647)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0647 advisory. - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response ...
RHEL 9 : rpm (RHSA-2024:0453)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0453 advisory. The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1174)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1202)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2023-1174)
According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were...