17 matches found
Important: perl-Archive-Tar
Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker-controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...
openSUSE 16 Security Update : kubevirt (openSUSE-SU-2026:20281-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20281-1 advisory. Update to version 1.7.0 (bsc#1257128). Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status...
EUVD-2013-0990
Malware in sbrugna...
AlmaLinux 9 : python3.9 (ALSA-2025:10136)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10136 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...
Vulnerabilities fixed in Rsync
The Rsync Project has fixed vulnerabilities in Rsync version 3.4.0. The most critical vulnerabilities in Rsync include a heap-based buffer overflow (CVE-2024-12084) and an info leak (CVE-2024-12085) that can lead to arbitrary code execution, present in Rsync versions 3.2.7 & 3.3.0. In addition, there...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-2198)
The remote host is missing an update for the Huawei EulerOS...
SUSE-SU-2024:0044-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Firefox Extended Support Release 115.6.0 ESR (bsc#1217974): CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782). CVE-2023-6857: Symlinks may resolve to smaller than expected...
CVE-2022-4122
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure...
SUSE-SU-2021:0217-1 Security update for postgresql, postgresql12, postgresql13
This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: https://www.postgresql.org/about/news/2077/ https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in...
openSUSE Security Update : libu2f-host / pam_u2f (openSUSE-2019-1725)
This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks ...
OPENSUSE-SU-2019:1725-1 Security update for libu2f-host, pam_u2f
This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in...
SUSE-SU-2018:0926-1 Security update for policycoreutils
This update for policycoreutils fixes the following issues: - CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624)...
ksymoops symbolic links
Symlink problem during temporary files processing...
Multiple midnight commander bugs
Buffer overflows, format string bugs, symlink problem on temporary files...
ImageMagick symlink problem
Unsafe temporary files handling...
rpcbind/fsr_efs/mv/errhook/uux vulnerabilities update
SGI Security Advisory. Title: rpcbind/fsr_efs/mv/errhook/uux vulnerabilities update. Number: 20020903-02-P. Date: October 14, 2002. Update: The patches in the original advisory are incompatible with R4000-class hardware...
[SECURITY] [DSA 121-1] New xtell packages fix several vulnerabilities
Debian Security Advisory DSA 121-1, http://www.debian.org/security/, Martin Schulze, March 11th, 2002. Package: xtell...