Security update for go1.25
This update for go1.25 fixes the following issues. Security issues: CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508). CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506). CVE-2026-39817: cmd/go: "go tool pack" does not...
EUVD-2021-1822
Malware in sbrugna...
Insecure Randomness
Formidable is vulnerable to Insecure Randomness. The vulnerability is due to weak randomness due to the use of the non-cryptographically secure hexoid module for generating temporary filenames for untrusted content...
SUSE CVE-2018-12713
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...
Permissions bypass in pleaser
pleaseedit in pleaser before 0.4.0 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...
CVE-2021-31154
pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...
RUSTSEC-2021-0102 Permissions bypass in pleaser
pleaseedit in pleaser before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...
Huawei EulerOS: Security Advisory for gimp (EulerOS-SA-2019-2021)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : gimp (EulerOS-SA-2019-2021)
According to the versions of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker...
EulerOS 2.0 SP5 : gimp (EulerOS-SA-2019-1675)
According to the version of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by t...
CVE-2018-12713
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...
[oss-security] CVE Request - Predictable temporary filenames in GNU Emacs
I reported these bugs on the Debian tracker on Monday: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747100. In brief, some of the bundled Emacs Lisp uses predictable /tmp file names insecurely: lisp/gnus/gnus-fun.el: In the function gnus-grab-cam-face the file "/tmp/gnus.face.ppm" is used,...
CVE-2006-6678
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename...
DEBIAN-CVE-2006-6678
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename...
GLSA-200503-30 : Mozilla Suite: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200503-30 (Mozilla Suite: Multiple vulnerabilities). The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape...
Mozilla Firefox: Various vulnerabilities
Background: Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description: The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it...
Symlink vulnerabilities in mailmgr
Title: Symlink vulnerabilities in mailmgr. Bug finder: Marco van Berkum [email protected]. Website: http://ws.obit.nl. URL to mailmgr: http://web.onda.com.br/orso/mailmgr.html. Tested version: Mailmgr-1.2.3. Date: 12 Feb 2004...
CVE-2003-0771
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does...