Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allowed execution with unnecessary privileges. Since Exim operates as root in the log directory which is owned by a non-root user, a symlink or hard link attack could allow overwriting of critical root-owned files anywhere in the filesystem...

EUVD-2026-25182

Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...

GHSA-957R-R8GC-VV3H uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVE-2026-35351 uutils coreutils mv Silent Ownership Loss in Cross-Device Operations

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVE-2026-35351 uutils coreutils mv Silent Ownership Loss in Cross-Device Operations

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability arises from the mv utility failing to retain file ownership when moving between different file system boundaries. The utility reverts to th...

PT-2026-34487

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron

Summary DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other customer-facing path operations likely as the fix for CVE-2023-6069. When the...

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

CVE-2026-29126

The CVE describes an issue in the International Data Casting (IDC) SFX2100 Satellite Receiver where a root-owned, world-writable /etc/udhcpc/default.script can be modified by a local unprivileged attacker. The script is executed on DHCP lease events, enabling local privilege escalation and persis...

PT-2026-23120

Name of the Vulnerable Software and Affected Versions International Data Casting IDC SFX2100 Satellite Receiver affected versions not specified Description Multiple SUID root-owned binaries are present in the following directories: /home/monitor/terminal, /home/monitor/kore-terminal,...

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

EUVD-2020-29674

Malware in sbrugna...

EUVD-2007-4054

Malware in sbrugna...

EUVD-2022-15981

Malicious code in bioql PyPI...

CVE-2024-52561

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

SUSE CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...