[SECURITY] [DSA 6297-1] samba security update
Debian Security Advisory DSA-6297-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 26, 2026 https://www.debian.org/security/faq ...
CVE-2026-48693
CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...
PT-2026-43439
Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...
PT-2026-43311
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...
Unity Linux 20.1060e / 20.1070e Security Update: nodejs-fstream (UTSA-2026-016675)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016675 advisory. fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th...
androidqf: APK download Path Traversal in device APK paths
Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...
Astra Linux - vulnerability in exim4
Exim 4 before 4.94.2 allowed execution with unnecessary privileges. The -oP option is available to the exim user, and it could lead to a denial of service, as files owned by root could be overwritten...
Astra Linux - vulnerability in vim
Vim is an open-source, command-line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin could allow overwriting of arbitrary files when opening specially crafted tar archives. The impact is limited because this exploit requires direct user interaction. However,...
Astra Linux - vulnerability in git
Git GUI allows you to use Git source control management tools through a graphical interface. When a user clones an untrusted repository and is tricked into editing a file located in a directory with a malicious name in the repository, Git GUI can create and overwrite files for which the user has...
Astra Linux - vulnerability in openssh
In OpenSSH 8.2, the scp client incorrectly sends duplicate responses to the server when a utimes system call fails. This allows a malicious, unprivileged user on the remote server to overwrite arbitrary files in the client’s download directory by creating a crafted subdirectory anywhere on the...
Astra Linux - vulnerability in exim4
Exim 4 before 4.94.2 allowed execution with unnecessary privileges. Since Exim operates as root in the log directory which is owned by a non-root user, a symlink or hard link attack could allow overwriting of critical root-owned files anywhere in the filesystem...
Astra Linux - vulnerability in vim
Vim is an open-source, command-line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin could allow overwriting of arbitrary files when opening specially crafted zip archives. The impact is limited because this exploit requires direct user interaction. However,...
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...
ALSA-2026:18868 Important: linux-sgx security update
The Intel SGX SDK is a collection of APIs, libraries, documentation and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...
RHEL 10 : linux-sgx (RHSA-2026:18480)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18480 advisory. The Intel SGX SDK is a collection of APIs, libraries, documentation and tools that allow software developers to create and debug Intel SG...
RHEL 9 : linux-sgx (RHSA-2026:18868)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18868 advisory. The Intel SGX SDK is a collection of APIs, libraries, documentation and tools that allow software developers to create and debug Intel SGX...
PT-2026-41960
Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...