17707 matches found
USN-8277-1 linux, linux-aws, linux-hwe-6.17, linux-oem-6.17, linux-oracle, linux-raspi, linux-realtime, linux-realtime-6.17 vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8277-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
CLSA-2026-1779219098 grub2: Fix of CVE-2023-4692
CVE-2023-4692: fix OOB write when parsing NTFS $ATTRIBUTELIST entries...
kernel: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...
CVE-2026-46724
CVE-2026-46724 affects the Typo3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...
USN-8275-1 linux-xilinx-zynqmp vulnerabilities
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...
USN-8274-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - BTRFS file system; - Sun RPC protocol; - XFRM subsystem; CVE-2022-49033, CVE-2024-27388,...
USN-8274-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - BTRFS file system; - Sun RPC protocol; - XFRM subsystem; CVE-2022-49033, CVE-2024-27388,...
Creation of Temporary File With Insecure Permissions
Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the getorcreatenfstmpdir and createmodeldownloadingtmpdir functions. An attacker can modify model artifacts by exploiting these permissions, potentially leading to arbitrary code...
MLFlow Creates a Temporary File With Insecure Permissions
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow
In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...
MAL-2026-3829 Malicious code in pyenvprep (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 963727b60e7fa8536050eb0f4691dc8bec6089567630063305d05ddceb4834cd Package contains code to silently execute a RAT-like agent, allowing the attacker to access the file system and execute arbitrary code. --- Category: MALICIOUS...
CVE-2026-8750 h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure
A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...
SUSE CVE-2026-8512
Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
Chromium: CVE-2026-8543 Out of bounds read in FileSystem
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-8512 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
GHSA-JRRG-99XH-5J2Q SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...
CVE-2026-41970
Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-41970
Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...