Lucene search
K

13 matches found

Ubuntu
Ubuntu
added 2026/05/28 6:34 p.m.20 views

USN-8229-2: sed vulnerability

USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local...

2.1CVSS5.9AI score0.00142EPSS
Exploits0
OSV
OSV
added 2026/05/28 6:34 p.m.8 views

USN-8229-2 sed vulnerability

USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:21 a.m.11 views

CVE-2026-5958

A Time-of-Check Time-of-Use TOCTOU race condition was found in GNU sed. When the -i in-place and --follow-symlinks options are used together, sed resolves the symlink but reopens the path for writing. An attacker with write access to the directory containing the symlink can swap it between the...

6.3CVSS5.8AI score0.00142EPSS
Exploits0References3
OSV
OSV
added 2026/05/09 12:33 p.m.10 views

OESA-2026-2282 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:33 p.m.7 views

OESA-2026-2281 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : sed vulnerability (USN-8229-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8229-1 advisory. Micha Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A...

2.1CVSS6AI score0.00142EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/04 12:24 p.m.14 views

USN-8229-1: sed vulnerability

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files...

2.1CVSS5.9AI score0.00142EPSS
Exploits0
OSV
OSV
added 2026/05/04 12:24 p.m.8 views

USN-8229-1 sed vulnerability

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:59 a.m.6 views

CVE-2026-5958

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/24 12:16 a.m.6 views

DEBIAN-CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.3AI score0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.4 views

PT-2026-27257

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The SafeBuffer% function does not correctly propagate the @html unsafe flag to newly created buffers. If a...

6.1CVSS6.1AI score0.00327EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.9 views

PT-2026-7807

This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...

5.5AI score0.00136EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-13674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible dat...

6.5CVSS6.2AI score0.00456EPSS
Exploits0References2
Rows per page
Query Builder