RockyLinux 9 : rsync (RLSA-2026:26410)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26410 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

Important: Red Hat Security Advisory: rsync security, bug fix, and enhancement update

An update for rsync is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 10 : rsync (RHSA-2026:26332)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26332 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

ALSA-2026:26332 Important: rsync security, bug fix, and enhancement update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

CVE-2025-15546

The CVE-2025-15546 entry concerns the Iptanus File Upload WordPress plugin (pre-5.1.7). A TOCTOU race condition between the file existence check and the actual write operation, when the duplicatepolicy is set to “maintain both,” allows an authenticated attacker to overwrite files uploaded by othe...

PT-2026-49106

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

CVE-2026-54228

Vulnerability context (CVE-2026-54228) : A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...

CVE-2026-54228 Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

Linux Distros Unpatched Vulnerability : CVE-2026-54055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protoc...

DEBIAN-CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

CVE-2026-50631

CVE-2026-50631 : A TOCTOU race condition in Apache CXF's AbstractOAuthDataProvider allows concurrent requests to reuse the same Refresh Token when recycleRefreshTokens is false, bypassing single-use semantics and generating multiple valid Access Tokens. This can enable token replay/abuse by multi...

EulerOS Virtualization 2.13.1 : util-linux (EulerOS-SA-2026-2391)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerabilit...

EulerOS Virtualization 2.13.1 : libcap (EulerOS-SA-2026-2373)

According to the versions of the libcap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the...

EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-2317)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerability has been...

EulerOS 2.0 SP13 : libcap (EulerOS-SA-2026-2295)

According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...

EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-2360)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerability has been...