Lucene search
+L

708 matches found

QT
QT
added 2025/05/16 12:0 a.m.23 views

Security advisory: Improper Link Resolution Before File Access in QFileSystemEngine in the Qt corelib module on Windows impacts Qt

Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows potentially allows Symlink Attacks and the use of Malicious Files. This vulnerability has been discovered and assigned the CVE ID CVE-2025-4211. The issue originates...

7.3CVSS7.6AI score0.01292EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/03/11 9:12 p.m.17 views

Below has Incorrect Permission Assignment for Critical Resource

Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...

6.8CVSS7.1AI score0.0036EPSS
Exploits23References9Affected Software1
OSV
OSV
added 2025/03/11 9:12 p.m.8 views

GHSA-9MC5-7QHG-FP3W Below has Incorrect Permission Assignment for Critical Resource

Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...

7.8CVSS7.1AI score0.0036EPSS
Exploits23References9
Cvelist
Cvelist
added 2025/03/11 6:29 p.m.19 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

0.0036EPSS
Exploits23References2
OSV
OSV
added 2025/03/11 6:29 p.m.8 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

6.8CVSS7AI score0.0036EPSS
Exploits23References5
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2013-4184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks CVE-2013-4184 Note that Nessus relies on the presence of the package as reported by...

5.5CVSS5.7AI score0.00504EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2015-1197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...

1.9CVSS6.6AI score0.02906EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2011-2924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was...

5.5CVSS7.2AI score0.00434EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2011-3632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. CVE-2011-363...

7.1CVSS7.2AI score0.00494EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2009-5080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 contrib/eqn2graph/eqn2graph.sh, 2 contrib/grap2graph/grap2graph.sh, and 3 contrib/pic2graph/pic2graph.sh scripts in GNU troff aka groff 1.21 and earlier d...

3.3CVSS6.7AI score0.00357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 5:38 a.m.7 views

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

7.7CVSS6.8AI score0.00617EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.9 views

PT-2025-25653

Name of the Vulnerable Software and Affected Versions linux-pam affected versions not specified Description A flaw in the pam namespace module of linux-pam allows local users to elevate their privileges to root via multiple symlink attacks and race conditions. This occurs when a user can launch a...

7.8CVSS7AI score0.00791EPSS
Exploits0References128
Oracle linux
Oracle linux
added 2024/11/19 12:0 a.m.22 views

pcp security update

6.2.2-7 - Fix buffer sizing checks in pmstore PDU handling RHEL-57809 - Guard against symlink attacks in pmpost program RHEL-57814 - Fix libpcpweb webgroup slow request refcounting RHEL-58307 - Updated pmdahacluster for newer crmmon versions RHEL-58303...

5.5CVSS7.1AI score0.00288EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/19 12:0 a.m.11 views

Oracle Linux 9 : pcp (ELSA-2024-9452)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9452 advisory. 6.2.2-7 - Fix buffer sizing checks in pmstore PDU handling RHEL-57809 - Guard against symlink attacks in pmpost program RHEL-57814 - Fix libpcpweb...

5.5CVSS7AI score0.00288EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2024/09/19 12:0 a.m.18 views

pcp security update

6.2.0-5.0.1 - Fixed libpcp derived metric issue for ol9 Orabug: 36538820 6.2.0-5 - Fix buffer sizing checks in pmstore PDU handling RHEL-57805 - Guard against symlink attacks in pmpost program RHEL-57810 - Fix libpcpweb webgroup slow request refcounting RHEL-58306 - Updated pmdahacluster for newe...

5.5CVSS5.7AI score0.00288EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/09/19 12:0 a.m.25 views

pcp security update

5.3.7-22.0.1 - pcp-zoneinfo fix to replay ol7 archives Orabug: 35903733 - Backporting of python tool pcp-meminfo Orabug: 35759707 - Backporting of python tool pcp-slabinfo Orabug: 35560940 - Backporting of python tool pcp-buddyinfo Orabug: 35660932 - Backporting of python tool pcp-netstat Orabug:...

5.5CVSS7.5AI score0.00288EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/09/19 12:0 a.m.16 views

Oracle Linux 9 : pcp (ELSA-2024-6848)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6848 advisory. 6.2.0-5.0.1 - Fixed libpcp derived metric issue for ol9 Orabug: 36538820 6.2.0-5 - Fix buffer sizing checks in pmstore PDU handling RHEL-57805 - Guard...

5.5CVSS7AI score0.00288EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/09/19 12:0 a.m.28 views

Oracle Linux 8 : pcp (ELSA-2024-6837)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6837 advisory. 5.3.7-22.0.1 - pcp-zoneinfo fix to replay ol7 archives Orabug: 35903733 - Backporting of python tool pcp-meminfo Orabug: 35759707 - Backporting of pyth...

5.5CVSS6.9AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 2024/08/23 11:8 a.m.7 views

OESA-2024-2018 pcp security update

PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A vulnerability has been identified in the Performance Co-Pilot P...

6.7CVSS6.8AI score0.002EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/07/13 2:59 a.m.5 views

SUSE CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...

6.7CVSS6.8AI score0.002EPSS
Exploits0References10
Rows per page
Query Builder