7 matches found
CVE-2026-49958
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
Medium: fdupes
Issue Overview: In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. CVE-2022-48682 Affected Packages: fdupes Issue Correction: Run dnf update fdupes --releasever 2023.4.20240528 or dnf update --advisory ALAS2023-2024-633 --releasever...
systemd security update
239-82.0.1 - Fixed deletion issue for symlink when device is opened Orabug: 36228608 - Fix local-fs and remote-fs targets during system boot replaces old Orabug: 25897792 Orabug: 35871376 - 1A Add 'systemd-fstab-generator-reload-targets.service' file Orabug: 35871376 - 1B Add required rpms for...
DEBIAN-CVE-2022-48682
In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink...
samba security and bug fix update
4.14.5-9 - resolves: rhbz2046174 - Fix username map script regression of CVE-2020-25717 - resolves: rhbz2046160 - Fix possible segfault while joining a domain - resolves: rhbz2046152 - Fix CVE-2021-44142 4.14.5-8 - resolves: rhbz2026717 - Dir containing dangling symlinks cannot be deleted...
rubygems: Delete directory using symlink when decompressing tar
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...
UBUNTU-CVE-2019-8320
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...