161 matches found
EUVD-2026-39594
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...
CVE-2026-13218
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...
CVE-2026-44957
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...
CVE-2026-54229 Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...
PT-2026-49074
Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A race condition exists in the ChownProblemDir method of the abrt-dbus D-Bus service. The ChownProblemDir method opens the dump directory using DD OPEN READONLY and executes dd chown to...
CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
Ansible 后置链接漏洞
Ansible is an easy-to-use IT automation system developed under the open source license. Ansible has a post-installation link vulnerability, which originates from the Posix authorizedkey module. The keyfile function uses os.chown instead of os.lchown, and does not use ONOFOLLOW to open files, whic...
CVE-2026-25710
The CVE-2026-25710 issue affects the plasmaloginauthhelper, a privileged D-Bus helper. A compromised plasmalogin service account can chown arbitrary files, enabling local privilege escalation with high impact on system confidentiality and integrity; availability is noted as high in the metrics. U...
ciguard: Container image runs as root (no USER directive)
Summary The published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactfu...
GHSA-88CH-Q68X-36V7 Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references. Original Description A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit...
CVE-2026-35340
The CVE-2026-35340 issue affects the uutils coreutils chown and chgrp via the ChownExecutor. In recursive operations, the utilities return an exit code based solely on the last processed file; if earlier ownership/group changes failed due to permissions, they may still report success (0). This ca...
nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.
A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...
GHSA-Q9VP-3WCG-8P4X Incus vulnerable to local privilege escalation through VM screenshot path
Summary Incus provides an API to retrieve VM screenshots, that API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As Incus uses predictable paths under /tmp for this, an attacker with local access to the...
CVE-2026-0023
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0023
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-9237
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-68933
CVE-2025-68933 (Discourse) is a broken access control vulnerability affecting Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Non-admin moderators with the moderators_change_post_ownership setting enabled can change ownership of posts in private messages and restricted cate...
Discourse security vulnerabilities
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1.0. These...
Unbreakable Enterprise kernel security update
5.15.0-316.196.4.1 - tipc: Fix use-after-free in tipcmonreinitself. Kuniyuki Iwashima Orabug: 38788585 CVE-2025-40280 - fs/proc: fix uaf in procreaddirde Wei Yang Orabug: 38788587 CVE-2025-40271 - vsock: Ignore signal/timeout on connect if already established Michal Luczaj Orabug: 38788594...
CVE-2023-43116
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINEPATH variable in the fix-buildkite-agent-builds-permissions script...