Lucene search
K

708 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31429

Malicious code in bioql PyPI...

7.3CVSS7.4AI score0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19056

Malicious code in bioql PyPI...

7.8CVSS7.8AI score0.00399EPSS
Exploits0References22
RedhatCVE
RedhatCVE
added 2025/09/30 6:8 p.m.5 views

CVE-2025-7647

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

7.3CVSS6.9AI score0.00134EPSS
Exploits0References5
CVE
CVE
added 2025/09/27 4:34 p.m.21 views

CVE-2025-7647

CVE-2025-7647 affects llama-index-core up to version 0.12.44, with a vulnerability in get_cache_dir() that uses a predictable, hardcoded directory path (/tmp/llama_index) on Linux. On multi-user Linux systems, this insecure temporary directory can enable local attackers to steal proprietary model...

7.3CVSS6.5AI score0.00134EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

EulerOS 2.0 SP12 : pam (EulerOS-SA-2025-2019)

According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate...

7.8CVSS7.5AI score0.00399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

EulerOS 2.0 SP10 : pam (EulerOS-SA-2025-2107)

According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate...

7.8CVSS7.5AI score0.00399EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:48 p.m.5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to improper access control due to the linux-pam package (CVE-2025-6020)

Summary Linux-pam is used by DataStage on Cloud Pak for Data as part of the authentication functionality. Vulnerability Details CVEID:CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local...

7.8CVSS6.3AI score0.00399EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/09/03 1:33 a.m.4 views

linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/03 1:29 a.m.6 views

linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/03 1:15 a.m.4 views

linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/03 1:8 a.m.3 views

linux-pam: Linux-pam directory Traversal

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.5 views

Alibaba Cloud Linux 3 : 0145: pam (ALINUX3-SA-2025:0145)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0145 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-6020: A flaw was found in linux-pam. The...

7.8CVSS7.5AI score0.00399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/31 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-8941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race...

7.8CVSS7.1AI score0.00399EPSS
Exploits0References3
OSV
OSV
added 2025/08/29 2:52 p.m.3 views

GO-2025-3892 HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter

HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter...

7.5CVSS6.9AI score0.00507EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/08/26 1:34 a.m.3 views

linux-pam: Linux-pam directory Traversal

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/15 9:31 p.m.8 views

HashiCorp go-getter Vulnerable to Symlink Attacks

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS5.8AI score0.00507EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/15 8:32 p.m.4 views

CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/08/14 2:55 a.m.5 views

SUSE CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

7CVSS6.5AI score0.00254EPSS
Exploits0References5
OSV
OSV
added 2025/08/13 3:15 p.m.8 views

CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

7.8CVSS6.5AI score0.00254EPSS
Exploits0References16
OSV
OSV
added 2025/08/13 3:15 p.m.4 views

UBUNTU-CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

7.8CVSS6.9AI score0.00254EPSS
Exploits0References3
Rows per page
Query Builder