30 matches found
PT-2025-49673
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the ext4 filesystem related to rbtree traversal within the ext4_mb_use_preallocated function. Specifically, the issue arises during memory allocation...
EUVD-2023-28012
Malicious code in bioql PyPI...
Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...
SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...
CVE-2025-33035
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-47788
Affected software: Atheos self-hosted browser-based IDE. Vulnerability: Prior to v602, the $target parameter in /controller.php was not properly validated, enabling path traversal to read/execute arbitrary files on the server. Root cause: insufficient input validation in the target parameter hand...
Fedora 41 : php-tcpdf (2025-85549e07c8)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-85549e07c8 advisory. Version 6.9.1 2025-04-03 - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- Version 6.9.0 2025-03-30 - Added PHP 8.4...
CVE-2024-57977
CVE-2024-57977 is a Linux kernel vulnerability in memcg where the OOM task traversal could cause a soft lockup when thousands of processes reside in the OOM cgroup. The issue arises from scanning OOM tasks for each memory pressure event, delaying the watchdog handling. The documented fix adds a r...
Important: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
AZL-40565 CVE-2024-27396 affecting package hyperv-daemons for versions less than 6.6.35.1-1
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink. Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass durin...
Security update for dcmtk (moderate)
openSUSE Security Update: Security update for dcmtk Announcement ID: openSUSE-SU-2023:0108-1 Rating: moderate References: 1206070 1208637 1208638 1208639 Cross-References: CVE-2022-2119 CVE-2022-2120 CVE-2022-2121 CVE-2022-43272 CVSS scores: CVE-2022-2119 NVD : 9.8...
SUSE-SU-2023:0733-1 Security update for go1.19
This update for go1.19 fixes the following issues: - CVE-2022-41722: Fixed path traversal in filepath.Clean on Windows bsc1208269. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding bsc1208270. - CVE-2022-41724: Fixed panic with large handshake records in crypto/tls bsc1208271. -...
SUSE-SU-2022:2046-1 Security update for rubygem-sinatra
This update for rubygem-sinatra fixes the following issues: - CVE-2022-29970: Fixed possible path traversal outside of public_dir when serving static files bsc1199138...
SUSE-SU-2022:1689-1 Security update for containerd, docker
This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities bsc1197517. - CVE-2022-23648: Fixed directory traversal issue bsc1196441. - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server bsc1197284. -...
SUSE-SU-2022:1507-1 Security update for containerd, docker
This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities bsc1197517. - CVE-2022-23648: Fixed directory traversal issue bsc1196441. - CVE-2021-41190: Fixed parsing confusions in OCI manifest and index bsc1193273. -...
Huawei EulerOS: Security Advisory for file-roller (EulerOS-SA-2022-1530)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:0176-2 Security update for unbound
This update for unbound fixes the following issues: - CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack bsc1185382. - CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc bsc1185383. - CVE-2019-25033...
OPENSUSE-SU-2022:0140-1 Security update for grafana
This update for grafana fixes the following issues: - CVE-2021-39226: Fixed snapshot authentication bypass bsc1191454 - CVE-2021-43813: Fixed markdown path traversal bsc1193688...
[SECURITY] [DLA 2540-1] python-django security update
Debian LTS Advisory DLA-2540-1 https://www.debian.org/lts/security/ Chris Lamb February 01, 2021 https://wiki.debian.org/LTS -...
CVE-2021-21269
Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust join method without checking user input might have made it able to do a Path Traversal attack causing to read more...