29 matches found
RLSA-2026:26410 Important: rsync security update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...
CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race
A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the writeFileWithinRoot function. An attacker can create or truncate files outside the intended root directory by exploiting a race...
CVE-2024-8244
The CVE concerns Go’s filepath.Walk and filepath.WalkDir, which are documented to not follow symbolic links and are subject to a TOCTOU race where a path segment can be replaced by a symlink during traversal. The material here does not specify affected versions, exact vulnerable components beyond...
TencentOS Server 3: firefox (TSSA-2024:0014)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0014 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
USN-7206-2 rsync regression
USN-7206-1 fixed vulnerabilities in rsync. The update introduced a regression in rsync. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. ...
[slackware-security] rsync
New rsync packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rsync-3.4.0-i586-1slack15.0.txz: Upgraded. This is a security release, fixing several important security vulnerabilities: Heap Buffer...
rsync -- Multiple security fixes
rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...
CLSA-2024-1721124939 rpm: Fix of CVE-2021-35937
CVE-2021-35937: fix a possible privilege escalation through a symlink check race condition...
RHEL 6 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: Non-privileged session can escape to the parent session in chroot CVE-2016-2781 - In GNU...
SUSE-SU-2024:1009-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2023-52425: Fixed denial of service resource consumption caused by processing large tokens in expat bsc1219559. - CVE-2023-6597: Fixed symlink race condition in tempfile.TemporaryDirectory bsc1219666. - CVE-2024-0450: Fixed 'quoted-overla...
Fedora 38 : thunderbird (2023-608dd04117)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-608dd04117 advisory. Update to 115.6.0 ; - https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/ -...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-353-03)
The version of mozilla-thunderbird installed on the remote host is prior to 115.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-353-03 advisory. - The signature of a digitally signed S/MIME email message may optionally specify the signature creation date...
Mozilla Firefox < 121.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 121.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-56 advisory. - Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we...
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2022:1894)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1894 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG...
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...
FreeBSD : Gitlab -- Multiple vulnerabilities (8a4aba2d-f33e-11e8-9416-001b217b3468)
Gitlab reports : View Names of Private Groups Persistent XSS in Environments SSRF in Prometheus integration Unauthorized Promotion of Milestones Exposure of Confidential Issue Title Persisent XSS in Markdown Fields via Mermaid Script Persistent XSS in Markdown Fields via Unrecognized HTML Tags...
Debian DLA-894-1 : samba security update
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition. F...
Oracle: Security Advisory (ELSA-2011-0909)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...