
785 matches found

CVE
added 2025/08/04 12:0 a.m. | 21 views

CVE-2025-46093

LiquidFiles before 4.1.2 is affected. The vulnerability stems from FTP SITE CHMOD handling (mode 6777: setuid/setgid) which can allow FTPDrop users to execute arbitrary code as root by abusing the Actionscript feature and the sudoers configuration. Affected software: LiquidFiles prior to 4.1.2. I...

CVSS 9.9 | AI score 8 | EPSS 0.00498
Exploits 1 | References 3 | Affected Software 1

Tenable Nessus
added 2025/07/25 12:0 a.m. | 5 views

NewStart CGSL MAIN 7.02 : cups Multiple Vulnerabilities (NS-SA-2025-0113)

The remote NewStart CGSL host, running version MAIN 7.02, has cups packages installed that are affected by multiple vulnerabilities: - Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow a...

CVSS 7 | AI score 7.3 | EPSS 0.02421
Exploits 3 | References 5

OSV
added 2025/07/18 2:48 p.m. | 2 views

OESA-2025-1838 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through...

CVSS 6.5 | AI score 7.5 | EPSS 0.00166
Exploits 0 | References 2

OSV
added 2025/07/01 11:48 a.m. | 3 views

SUSE-SU-2025:02186-1 Security update for screen

This update for screen fixes the following issues: Security issues fixed: - CVE-2025-46802: temporary chmod of a user's TTY to mode 0666 when attempting to attach to a multi-user session allows for TTY hijacking bsc1242269. Other issues fixed: - Use TTY file descriptor passing after a suspend...

CVSS 6 | AI score 5.8 | EPSS 0.0019
Exploits 0 | References 3

NVD
added 2025/06/26 9:15 p.m. | 3 views

CVE-2025-52555

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...

CVSS 6.5 | EPSS 0.00166
Exploits 0 | References 3

OSV
added 2025/06/26 9:15 p.m. | 4 views

AZL-64386 CVE-2025-52555 affecting package ceph for versions less than 18.2.2-9

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...

CVSS 6.5 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 1

OSV
added 2025/06/26 9:15 p.m. | 2 views

DEBIAN-CVE-2025-52555

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...

CVSS 6.5 | AI score 5.4 | EPSS 0.00166
Exploits 0 | References 1

OSV
added 2025/06/26 9:15 p.m. | 4 views

UBUNTU-CVE-2025-52555

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...

CVSS 6.5 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 4

OSV
added 2025/06/26 8:21 p.m. | 3 views

CVE-2025-52555 CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...

CVSS 6.5 | AI score 7.1 | EPSS 0.00166
Exploits 0 | References 5

CNNVD
added 2025/06/26 12:0 a.m. | 4 views

Ceph Security Vulnerability

Ceph is a file storage platform from the Ceph open-source project. A security vulnerability exists in Ceph versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, which stems from an unprivileged user being able to elevate to root privileges via chmod 777...

CVSS 6.5 | AI score 6.6 | EPSS 0.00166
Exploits 0 | References 2

Tenable Nessus
added 2025/06/16 12:0 a.m. | 4 views

TencentOS Server 4: cups (TSSA-2024:0910)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0910 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.7 | AI score 6.2 | EPSS 0.02421
Exploits 1 | References 2

SUSE Linux
added 2025/06/05 3:44 p.m. | 2 views

Security update for screen

This update for screen fixes the following issues: This update also ships screen to SL Micro 6.1 Extras. Also use tty fd passing after a suspend MSGCONT; do not chmod the tty for multiattach, rely on tty fd passing instead bsc1242269 CVE-2025-46802; fix resume after suspend in multiuser mode. Patch...

CVSS 6 | AI score 7.2 | EPSS 0.0019
Exploits 0 | References 4

RedhatCVE
added 2025/05/22 9:27 p.m. | 8 views

CVE-2021-30463

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm=admin= URI...

CVSS 7.8 | AI score 7.3 | EPSS 0.00497
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 9:24 p.m. | 7 views

CVE-2021-29005

An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server...

CVSS 9 | AI score 7.6 | EPSS 0.01827
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 3:51 p.m. | 6 views

CVE-2020-15542

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...

CVSS 9.8 | AI score 7 | EPSS 0.01632
Exploits 0

RedhatCVE
added 2025/05/22 5:1 a.m. | 6 views

CVE-2016-10849

cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit SEC-82...

CVSS 6.5 | AI score 7 | EPSS 0.00935
Exploits 0 | References 1

OpenVAS
added 2025/05/19 12:0 a.m. | 5 views

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2025-1472)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.7 | AI score 5.2 | EPSS 0.02421
Exploits 1 | References 2

CNVD
added 2025/04/18 12:0 a.m. | 0 views

PCMan FTP Server SITE CHMOD Command Handler Buffer Overflow Vulnerability

PCMan FTP Server is an open-source FTP software package from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the SITE CHMOD command handler failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of...

CVSS 9.8 | AI score 7.5 | EPSS 0.00658
Exploits 1 | References 1

RedhatCVE
added 2025/04/10 4:13 a.m. | 19 views

CVE-2025-3373

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclos...

CVSS 9.8 | AI score 7.2 | EPSS 0.00658
Exploits 1 | References 1

OSV
added 2025/04/07 4:15 p.m. | 4 views

CVE-2025-3373

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclos...

CVSS 9.8 | AI score 7.2 | EPSS 0.00658
Exploits 1 | References 4