Lucene search
K

299 matches found

NVD
NVD
added 2026/06/29 12:16 p.m.10 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS0.00105EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-630 Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system...

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

7.2CVSS6.1AI score0.00136EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When resolving a symbolic link, a race condition may occur, where the buffer passed to readlink might actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems Android, Linux, MacOS. Windows is unaffected. This vulnerability affects Firefox ESR 115.6,...

5.3CVSS6.7AI score0.00665EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 8:16 p.m.14 views

CVE-2026-48983

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS0.00084EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50784

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description A symlink race condition exists in the creation of per-device and per-user pad directories. The software employs a check-then-act pattern, where it calls lstat to verify existence and subsequently...

5.8CVSS5.9AI score0.00084EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score0.00077EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/16 5:38 p.m.13 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/16 5:37 p.m.5 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/16 7:31 a.m.8 views

USN-8349-3: rsync regression

USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/06/16 7:31 a.m.5 views

USN-8349-3 rsync regression

USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...

8.1CVSS5.6AI score0.0078EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.8 views

RHEL 9 : rsync (RHSA-2026:26410)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26410 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

8.1CVSS5.6AI score0.0078EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 9:16 p.m.8 views

UBUNTU-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/12 8:3 p.m.5 views

CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.5AI score0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:3 p.m.20 views

CVE-2026-54055

Kitty (cross‑platform GPU terminal) contains a local privilege escalation vulnerability in its file transmission protocol prior to 0.47.2. A TOCTOU race between symlink validation and file creation allows a child process in the terminal to cause an attack to write to arbitrary files because os.op...

5CVSS5.5AI score0.00072EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:3 p.m.30 views

CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS0.00072EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/12 8:3 p.m.6 views

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.6AI score0.00072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.23 views

PT-2026-48992

Name of the Vulnerable Software and Affected Versions Kitty versions 0.47.0 through 0.47.1 Description In the kitten dnd component, a malicious remote drag-and-drop source can overwrite or truncate arbitrary files that the local user has permission to write. This occurs because remote text/uri-li...

7.6CVSS6.1AI score0.00268EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48969

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.2 Description A local privilege escalation exists in the file transmission protocol. A child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.4AI score0.00072EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/08 4:41 p.m.15 views

USN-8349-2: rsync regression

USN-8349-1 fixed vulnerabilities in rsync. The update introduced multiple regressions in rsync functionality. This update fixes the problem. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/08 4:41 p.m.14 views

USN-8349-2 rsync regression

USN-8349-1 fixed vulnerabilities in rsync. The update introduced multiple regressions in rsync functionality. This update fixes the problem. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with...

8.1CVSS5.6AI score0.0078EPSS
Exploits1References2
Rows per page
Query Builder