Lucene search
K

4 matches found

NVD
NVD
added 2026/06/13 3:16 a.m.22 views

CVE-2026-54228

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

7.8CVSS0.00103EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 2:34 a.m.13 views

EUVD-2026-36638

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS5.3AI score0.00091EPSS
Exploits0References2
CVE
CVE
added 2026/06/13 2:34 a.m.28 views

CVE-2026-54228

Vulnerability context (CVE-2026-54228) : A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...

7.8CVSS5.4AI score0.00103EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 2:34 a.m.14 views

EUVD-2026-36637

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

7.8CVSS5.4AI score0.00103EPSS
Exploits0References2
Rows per page
Query Builder