708 matches found
EUVD-2025-31429
Malicious code in bioql PyPI...
EUVD-2025-19056
Malicious code in bioql PyPI...
CVE-2025-7647
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
CVE-2025-7647
CVE-2025-7647 affects llama-index-core up to version 0.12.44, with a vulnerability in get_cache_dir() that uses a predictable, hardcoded directory path (/tmp/llama_index) on Linux. On multi-user Linux systems, this insecure temporary directory can enable local attackers to steal proprietary model...
EulerOS 2.0 SP12 : pam (EulerOS-SA-2025-2019)
According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate...
EulerOS 2.0 SP10 : pam (EulerOS-SA-2025-2107)
According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to improper access control due to the linux-pam package (CVE-2025-6020)
Summary Linux-pam is used by DataStage on Cloud Pak for Data as part of the authentication functionality. Vulnerability Details CVEID:CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local...
linux-pam: Incomplete fix for CVE-2025-6020
A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
linux-pam: Incomplete fix for CVE-2025-6020
A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
linux-pam: Incomplete fix for CVE-2025-6020
A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
linux-pam: Linux-pam directory Traversal
A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...
Alibaba Cloud Linux 3 : 0145: pam (ALINUX3-SA-2025:0145)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0145 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-6020: A flaw was found in linux-pam. The...
Linux Distros Unpatched Vulnerability : CVE-2025-8941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race...
GO-2025-3892 HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter
HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter...
linux-pam: Linux-pam directory Traversal
A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...
HashiCorp go-getter Vulnerable to Symlink Attacks
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...
CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...
SUSE CVE-2025-8941
A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
CVE-2025-8941
A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
UBUNTU-CVE-2025-8941
A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...