567 matches found
CVE-2025-27148
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
CVE-2023-43123
On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...
The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems allows a perpetrator to cause service interruptions.
The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems is related to errors in resource release. Exploiting this vulnerability can allow a malicious actor to cause service failures...
ROS-20250121-04
A vulnerability in the RIB Revalidation component of FRRouting, a software tool that implements network routing on Unix-like systems, is related to triggering RIB reanalysis for FRR routers using RTR, causing...
PT-2025-4606 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.17.0. Description: The issue arises from the gix-worktree-state specifying 0777 permissions when checking out executable files. This is intended to be restricted by the umask, but one of the strategies used to set...
CVE-2024-53256
Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due to the usage of rz_core_cmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...
CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due to legacy code
Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due to the usage of rz_core_cmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...
Unspecified vulnerability in FreeBSD (CNVD-2025-09234)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD has security vulnerabilities, and no detailed information is provided at this time...
Unspecified vulnerability in FreeBSD (CNVD-2025-09233)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD has security vulnerabilities, and no detailed information is provided at this time...
Mutt security vulnerability
Mutt is a text-based e-mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt, which stems from the To and Cc e-mail headers not being verified by cryptographic signatures, thereby compromising the confidentiality of the e-mail...
OESA-2024-2351 hadoop security update
Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Security Fixes: Apache...
The vulnerability of the password_change.cgi web interface for Unix-like systems, Usermin, allows a perpetrator to execute an attack using brute-force methods.
The vulnerability of the password_change.cgi script in the Webmin hosting panel and the web interface for Unix-like systems, Usermin, is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability allows a malicious actor to execute an attack using brute-force methods...
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2699)
The remote host is missing an update for the Huawei EulerOS...
Vivo Fibra Askey RTF8225VW Command Execution
Exploit 1 Documentation on the Vivo Fibra Modem Exploit I discovered an exploit that allows access to the sh shell on the Vivo Fibra modem. This method essentially involves terminating the aspsh shell and invoking sh using the output of cat /dev/null. Using the pipe | is crucial for this...
BIT-SUBVERSION-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
CVE-2024-45720
CVE-2024-45720 affects Subversion on Windows: a flawed “best fit” character encoding conversion of command-line arguments to svn.exe can cause misinterpretation of arguments, enabling argument injection and execution of other programs. Affected: all Subversion versions up to 1.14.3 on Windows; fi...
CVE-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
EulerOS 2.0 SP11 : cups (EulerOS-SA-2024-2548)
According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2548)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP11 : cups (EulerOS-SA-2024-2574)
According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...