2848 matches found
SUSE-SU-2026:2485-1 Security update for util-linux
This update for util-linux fixes the following issue - CVE-2026-27456: TOCTOU in the mount program when setting up loop devices bsc1261606...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
Important Photon OS Security Update - PHSA-2026-5.0-0885
Updates of 'jq', 'rsync', 'util-linux' packages of Photon OS have been released...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the distutils.fileutil.writefile function. An attacker can overwrite critical system files by crafting...
CVE-2025-71321
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: util-linux: libblkid-2.42.2-1.hum1 aarch64, x8664 libblkid-devel-2.42.2-1.hum1 aarch64, x8664 libfdisk-2.42.2-1.hum1 aarch64, x8664 libfdisk-devel-2.42.2-1.hum1 aarch64, x8664...
Linux Distros Unpatched Vulnerability : CVE-2026-53612
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via TOCTOU in mount8 hookowner.c chmod/chown CVE-2026-53612 Note that Nessus relies o...
Linux Distros Unpatched Vulnerability : CVE-2026-53614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via LIBMOUNTFORCEMOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...
Linux Distros Unpatched Vulnerability : CVE-2026-53613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - upstream upgrade with security fixes: - CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount - CVE-2026-53613 - libmount: SUID bypa...
Linux Distros Unpatched Vulnerability : CVE-2026-53615
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Note that Nessus relies on the...
PT-2026-49303
Name of the Vulnerable Software and Affected Versions Vector version 0.54.0 Description An issue in the '/util/http/prelude.rs' endpoint allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a crafted request ...
CVE-2026-39197
Summary: CVE-2026-39197 affects Datadog Vector v0.54.0 with a vulnerability in the /util/http/prelude.rs endpoint that can trigger a Denial of Service (DoS) via a crafted request or payload. The CVSS-derived metrics indicate NETWORK attack vector, low attack complexity, required privileges, and h...
CVE-2026-53609
CVE-2026-53609 involves ApostropheCMS (Node.js) up to version 4.30.0, where apos.util.set() can traverse dot-notation paths and fail to sanitize proto , enabling an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirmed gadget in publicApiC...
CVE-2026-53609 Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass
ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...
EulerOS Virtualization 2.13.0 : util-linux (EulerOS-SA-2026-2420)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerabilit...
Malicious Package
Overview npmjsweb3-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-2317)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerability has been...
EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-2360)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerability has been...
EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2268)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...
EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2231)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...