121 matches found
EUVD-2026-38229
MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...
PYSEC-0000-CVE-2026-40861
A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...
PT-2026-45363
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A flaw in the FileTaskHandler allows a DAG author to access or modify files outside the configured base log folder when the worker log folder is shared with the API server. This can be achieve...
CVE-2026-46402
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed execution with unnecessary privileges. Since Exim operates as root in the log directory which is owned by a non-root user, a symlink or hard link attack could allow overwriting of critical root-owned files anywhere in the filesystem...
CVE-2026-35345
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
CVE-2026-35345
CVE-2026-35345 concerns the tail utility in uutils coreutils. The vulnerability arises with the --follow=name option: the implementation continues watching a path after it has been replaced by a symlink and then outputs the contents of the link’s target. In environments where a privileged user mo...
CVE-2026-35345
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
CVE-2026-35345 uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
CVE-2026-35345 uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
Linux Distros Unpatched Vulnerability : CVE-2026-35345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU...
CVE-2026-5014
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The...
EUVD-2019-19928
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to...
EUVD-2019-19959
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...
CVE-2019-25609
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...
CVE-2019-25593
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to...
CVE-2019-25609
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...
CVE-2019-25609 JetAudio jetCast Server 2.0 Local SEH Buffer Overflow
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...
CVE-2019-25609 JetAudio jetCast Server 2.0 Local SEH Buffer Overflow
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...
CVE-2019-25609
JetAudio jetCast Server 2.0 is affected by a stack-based buffer overflow in the Log Directory configuration field. The vulnerability allows local attackers to overwrite structured exception handling (SEH) pointers, enabling injection of alphanumeric encoded shellcode to trigger an SEH handler and...