Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.9 views

CVE-2026-49958

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00081EPSS
Exploits0References1
Amazon
Amazon
added 2024/05/28 12:0 a.m.3 views

Medium: fdupes

Issue Overview: In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. CVE-2022-48682 Affected Packages: fdupes Issue Correction: Run dnf update fdupes --releasever 2023.4.20240528 or dnf update --advisory ALAS2023-2024-633 --releasever...

6CVSS6.9AI score0.00195EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/05/23 12:0 a.m.382 views

systemd security update

239-82.0.1 - Fixed deletion issue for symlink when device is opened Orabug: 36228608 - Fix local-fs and remote-fs targets during system boot replaces old Orabug: 25897792 Orabug: 35871376 - 1A Add 'systemd-fstab-generator-reload-targets.service' file Orabug: 35871376 - 1B Add required rpms for...

5.9CVSS6.8AI score0.01051EPSS
Exploits4
OSV
OSV
added 2024/04/26 1:15 a.m.3 views

DEBIAN-CVE-2022-48682

In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink...

6CVSS5.5AI score0.00195EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2022/02/01 12:0 a.m.91 views

samba security and bug fix update

4.14.5-9 - resolves: rhbz2046174 - Fix username map script regression of CVE-2020-25717 - resolves: rhbz2046160 - Fix possible segfault while joining a domain - resolves: rhbz2046152 - Fix CVE-2021-44142 4.14.5-8 - resolves: rhbz2026717 - Dir containing dangling symlinks cannot be deleted...

9CVSS1.2AI score0.74042EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2019/05/13 9:20 a.m.4 views

rubygems: Delete directory using symlink when decompressing tar

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...

8.8CVSS7.3AI score0.04212EPSS
Exploits1References4
OSV
OSV
added 2019/03/27 12:0 a.m.2 views

UBUNTU-CVE-2019-8320

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...

7.4CVSS7.3AI score0.04212EPSS
Exploits1References7
Rows per page
Query Builder