56 matches found
CVE-2026-35025
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...
EUVD-2026-38789
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...
CVE-2026-35025
ProFTPD versions affected: 1.3.9b and 1.3.10rc2. Issue: an access control bypass in the RNFR path handling allows authenticated FTP users to bypass Directory ACL restrictions by prefixing paths with /proc/self/root. Root cause: unresolved symlink components in dir_canonical_path() cause dir_check...
CVE-2026-35025 ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...
Malicious code in @a91082900/test_package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...
MAL-2026-3680 Malicious code in @a91082900/test_package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...
CLSA-2026-1778599539 Fix CVE(s): CVE-2026-4878
SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...
PYSEC-2026-34
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
EUVD-2000-1131
Malware in sbrugna...
totally-safe-transmute allows transmuting any type to any other type in safe Rust
This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...
CVE-2021-47599
In the Linux kernel, the following vulnerability has been resolved: btrfs: use latestdev in btrfsshowdevname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfsshowdevname+0x104/0x1e8 btrfs CPU: 2 PID: 1 Comm: systemd Tainted: G W O...
CVE-2021-47599 btrfs: use latest_dev in btrfs_show_devname
In the Linux kernel, the following vulnerability has been resolved: btrfs: use latestdev in btrfsshowdevname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfsshowdevname+0x104/0x1e8 btrfs CPU: 2 PID: 1 Comm: systemd Tainted: G W O...
CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...
Exploit for File Descriptor Leak in Linuxfoundation Runc
CVE-2024-21626 For detailed explanation for this vulnerabilit...
SUSE CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a new container with an...
SUSE CVE-2022-45412
When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. This bug only affects Thunderbird on Unix-based operated systems Android, Linux, MacOS. Windows is unaffected.. This...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...