Lucene search
K

29 matches found

OSV
OSV
added 2026/06/17 12:3 p.m.5 views

RLSA-2026:26410 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

8.1CVSS5.5AI score0.0078EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 8:3 p.m.32 views

CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS0.00072EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.30 views

CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

6.3CVSS0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/02 9:55 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the writeFileWithinRoot function. An attacker can create or truncate files outside the intended root directory by exploiting a race...

8.7CVSS6AI score
Exploits0References3
CVE
CVE
added 2025/08/06 3:32 p.m.31 views

CVE-2024-8244

The CVE concerns Go’s filepath.Walk and filepath.WalkDir, which are documented to not follow symbolic links and are subject to a TOCTOU race where a path segment can be replaced by a symlink during traversal. The material here does not specify affected versions, exact vulnerable components beyond...

3.7CVSS6.4AI score0.00203EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 3: firefox (TSSA-2024:0014)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0014 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS9AI score0.20472EPSS
Exploits0References12
OSV
OSV
added 2025/01/16 5:0 p.m.4 views

USN-7206-2 rsync regression

USN-7206-1 fixed vulnerabilities in rsync. The update introduced a regression in rsync. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. ...

6AI score
Exploits0References2
Slackware Linux
Slackware Linux
added 2025/01/15 12:12 a.m.17 views

[slackware-security] rsync

New rsync packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rsync-3.4.0-i586-1slack15.0.txz: Upgraded. This is a security release, fixing several important security vulnerabilities: Heap Buffer...

9.8CVSS7.4AI score0.72059EPSS
Exploits8
FreeBSD
FreeBSD
added 2025/01/14 12:0 a.m.22 views

rsync -- Multiple security fixes

rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...

9.8CVSS7.2AI score0.72059EPSS
Exploits8
OSV
OSV
added 2024/07/16 10:15 a.m.8 views

CLSA-2024-1721124939 rpm: Fix of CVE-2021-35937

CVE-2021-35937: fix a possible privilege escalation through a symlink check race condition...

6.4CVSS5.8AI score0.00307EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.22 views

RHEL 6 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - coreutils: Non-privileged session can escape to the parent session in chroot CVE-2016-2781 - In GNU...

5.8AI score0.00425EPSS
Exploits1References2
OSV
OSV
added 2024/03/27 3:3 p.m.9 views

SUSE-SU-2024:1009-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2023-52425: Fixed denial of service resource consumption caused by processing large tokens in expat bsc1219559. - CVE-2023-6597: Fixed symlink race condition in tempfile.TemporaryDirectory bsc1219666. - CVE-2024-0450: Fixed 'quoted-overla...

7.8CVSS7.9AI score0.01815EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2023/12/21 12:0 a.m.29 views

Fedora 38 : thunderbird (2023-608dd04117)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-608dd04117 advisory. Update to 115.6.0 ; - https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/ -...

8.8CVSS7.3AI score0.20472EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/12/19 12:0 a.m.31 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-353-03)

The version of mozilla-thunderbird installed on the remote host is prior to 115.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-353-03 advisory. - The signature of a digitally signed S/MIME email message may optionally specify the signature creation date...

8.8CVSS8.7AI score0.20472EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/12/19 12:0 a.m.69 views

Mozilla Firefox < 121.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 121.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-56 advisory. - Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we...

8.8CVSS8.7AI score0.20472EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.17 views

Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2022:1894)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1894 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG...

7.3CVSS7.1AI score0.01376EPSS
Exploits1References4
NVD
NVD
added 2022/01/20 6:15 p.m.26 views

CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...

7.3CVSS0.01376EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2018/11/29 12:0 a.m.54 views

FreeBSD : Gitlab -- Multiple vulnerabilities (8a4aba2d-f33e-11e8-9416-001b217b3468)

Gitlab reports : View Names of Private Groups Persistent XSS in Environments SSRF in Prometheus integration Unauthorized Promotion of Milestones Exposure of Confidential Issue Title Persisent XSS in Markdown Fields via Mermaid Script Persistent XSS in Markdown Fields via Unrecognized HTML Tags...

8.8CVSS6AI score0.2819EPSS
Exploits7References23
Tenable Nessus
Tenable Nessus
added 2017/04/12 12:0 a.m.53 views

Debian DLA-894-1 : samba security update

Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition. F...

7.5CVSS7.3AI score0.11091EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.28 views

Oracle: Security Advisory (ELSA-2011-0909)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.15684EPSS
Exploits4References2
Rows per page
Query Builder