708 matches found
Security advisory: Improper Link Resolution Before File Access in QFileSystemEngine in the Qt corelib module on Windows impacts Qt
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows potentially allows Symlink Attacks and the use of Malicious Files. This vulnerability has been discovered and assigned the CVE ID CVE-2025-4211. The issue originates...
Below has Incorrect Permission Assignment for Critical Resource
Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...
GHSA-9MC5-7QHG-FP3W Below has Incorrect Permission Assignment for Critical Resource
Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...
Linux Distros Unpatched Vulnerability : CVE-2013-4184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks CVE-2013-4184 Note that Nessus relies on the presence of the package as reported by...
Linux Distros Unpatched Vulnerability : CVE-2015-1197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...
Linux Distros Unpatched Vulnerability : CVE-2011-2924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was...
Linux Distros Unpatched Vulnerability : CVE-2011-3632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. CVE-2011-363...
Linux Distros Unpatched Vulnerability : CVE-2009-5080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 contrib/eqn2graph/eqn2graph.sh, 2 contrib/grap2graph/grap2graph.sh, and 3 contrib/pic2graph/pic2graph.sh scripts in GNU troff aka groff 1.21 and earlier d...
CVE-2024-1329
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...
PT-2025-25653
Name of the Vulnerable Software and Affected Versions linux-pam affected versions not specified Description A flaw in the pam namespace module of linux-pam allows local users to elevate their privileges to root via multiple symlink attacks and race conditions. This occurs when a user can launch a...
pcp security update
6.2.2-7 - Fix buffer sizing checks in pmstore PDU handling RHEL-57809 - Guard against symlink attacks in pmpost program RHEL-57814 - Fix libpcpweb webgroup slow request refcounting RHEL-58307 - Updated pmdahacluster for newer crmmon versions RHEL-58303...
Oracle Linux 9 : pcp (ELSA-2024-9452)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9452 advisory. 6.2.2-7 - Fix buffer sizing checks in pmstore PDU handling RHEL-57809 - Guard against symlink attacks in pmpost program RHEL-57814 - Fix libpcpweb...
pcp security update
6.2.0-5.0.1 - Fixed libpcp derived metric issue for ol9 Orabug: 36538820 6.2.0-5 - Fix buffer sizing checks in pmstore PDU handling RHEL-57805 - Guard against symlink attacks in pmpost program RHEL-57810 - Fix libpcpweb webgroup slow request refcounting RHEL-58306 - Updated pmdahacluster for newe...
pcp security update
5.3.7-22.0.1 - pcp-zoneinfo fix to replay ol7 archives Orabug: 35903733 - Backporting of python tool pcp-meminfo Orabug: 35759707 - Backporting of python tool pcp-slabinfo Orabug: 35560940 - Backporting of python tool pcp-buddyinfo Orabug: 35660932 - Backporting of python tool pcp-netstat Orabug:...
Oracle Linux 9 : pcp (ELSA-2024-6848)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6848 advisory. 6.2.0-5.0.1 - Fixed libpcp derived metric issue for ol9 Orabug: 36538820 6.2.0-5 - Fix buffer sizing checks in pmstore PDU handling RHEL-57805 - Guard...
Oracle Linux 8 : pcp (ELSA-2024-6837)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6837 advisory. 5.3.7-22.0.1 - pcp-zoneinfo fix to replay ol7 archives Orabug: 35903733 - Backporting of python tool pcp-meminfo Orabug: 35759707 - Backporting of pyth...
OESA-2024-2018 pcp security update
PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A vulnerability has been identified in the Performance Co-Pilot P...
SUSE CVE-2023-6917
A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...