13 matches found
USN-8229-2: sed vulnerability
USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local...
USN-8229-2 sed vulnerability
USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local...
CVE-2026-5958
A Time-of-Check Time-of-Use TOCTOU race condition was found in GNU sed. When the -i in-place and --follow-symlinks options are used together, sed resolves the symlink but reopens the path for writing. An attacker with write access to the directory containing the symlink can swap it between the...
OESA-2026-2282 sed security update
Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...
OESA-2026-2281 sed security update
Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : sed vulnerability (USN-8229-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8229-1 advisory. Micha Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A...
USN-8229-1: sed vulnerability
Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files...
USN-8229-1 sed vulnerability
Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files...
CVE-2026-5958
When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
DEBIAN-CVE-2026-33170
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...
PT-2026-27257
Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The SafeBuffer% function does not correctly propagate the @html unsafe flag to newly created buffers. If a...
PT-2026-7807
This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...
Linux Distros Unpatched Vulnerability : CVE-2020-13674
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible dat...