Lucene search
K

16 matches found

NVD
NVD
added 2026/05/13 1:1 p.m.13 views

CVE-2026-25710

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...

7CVSS0.00134EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 8:44 a.m.6 views

CVE-2026-25710

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...

7CVSS5.8AI score0.00134EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : pmix-3.2.3-5.el9 (AXSA:2024-8100:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8100:01 advisory. pmix: race condition allows attackers to obtain ownership of arbitrary files CVE-2023-41915 Tenable has extracted the preceding description block directly fr...

8.1CVSS5.8AI score0.01121EPSS
Exploits0References2
OSV
OSV
added 2025/11/14 12:28 p.m.9 views

CLSA-2025-1763123299 pmix: Fix of CVE-2023-41915

CVE-2023-41915: prevent attackers from obtaining ownership of arbitrary files by fixing race condition during execution of library code with UID 0...

8.1CVSS7.5AI score0.01121EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/11/06 11:36 p.m.8 views

KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

Summary Short summary of the problem. Make the impact and severity as clear as possible. It is possible to trick the virt-handler component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID 107 due to mishandling of symlinks when determining the roo...

5CVSS7.4AI score0.0021EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2018-13783

Malware in sbrugna...

5.5CVSS5.4AI score0.00384EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.5 views

Nix、lix和GNU Guix 竞争条件问题漏洞

GNU Guix is a product of the U.S. et all is a product of the U.S. GNU community.GNU Guix is an open source, cross-platform program package manager. lix et all is a product of the lix open source.lix is a package manager.Nix et all is a product of the Nix open source.Nix is a powerful package...

5.6CVSS6.5AI score0.00115EPSS
Exploits0References6
OSV
OSV
added 2025/05/07 7:13 p.m.7 views

RLSA-2024:2199 Important: pmix security update

The Process Management Interface PMI provides process management functions for MPI implementations. PMI Exascale PMIx provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fixes: pmix: race condition allows attacker...

8.1CVSS8.3AI score0.01121EPSS
Exploits0References2
OSV
OSV
added 2023/10/17 3:54 p.m.1 views

USN-6434-1 pmix vulnerability

Francois Diakhate discovered that PMIx did not properly handle race conditions in the pmix library, which could lead to unwanted privilege escalation. An attacker could possibly use this issue to obtain ownership of an arbitrary file on the filesystem, under the default configuration of the...

8.1CVSS5.9AI score0.01121EPSS
Exploits0References2
OSV
OSV
added 2023/09/09 10:15 p.m.6 views

AZL-29702 CVE-2023-41915 affecting package pmix for versions less than 4.1.3-1

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...

8.1CVSS7.7AI score0.01121EPSS
Exploits0References1
OSV
OSV
added 2023/09/09 10:15 p.m.2 views

UBUNTU-CVE-2023-41915

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...

8.1CVSS6.1AI score0.01121EPSS
Exploits0References8
OSV
OSV
added 2020/01/13 3:17 p.m.5 views

OPENSUSE-SU-2020:0015-1 Security update for trousers

This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package bsc1157651. This update was imported from the...

7.8CVSS7.6AI score0.00482EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2018/02/13 8:0 p.m.60 views

CVE-2018-6954

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. Th...

7.8CVSS5.9AI score0.00532EPSS
Exploits1
CNVD
CNVD
added 2018/01/08 12:0 a.m.7 views

GNU Coreutils Arbitrary File Modification Vulnerability

GNU Coreutils GNU Core Utilities, GNU Core Utilities is a package developed by the GNU Project that contains several basic tools required for Unix-like applications, such as textutils textutils, shellutils shell utilities, fileutils file utilities, and so on. A security vulnerability exists in GN...

7.1CVSS6.7AI score0.00348EPSS
Exploits1References1
seebug.org
seebug.org
added 2008/12/02 12:0 a.m.16 views

Debian GNU/Linux (symlink attack in login) Arbitrary File Ownership PoC

No description provided by source. !/bin/bash - echo ' include string.h include stdlib.h include unistd.h include utmp.h include sys/types.h include stdio.h int mainint argc, char argv struct utmp entry; int i; entry.uttype=LOGINPROCESS; strcpyentry.utline,"/tmp/x"; entry.uttime=0;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/12/01 12:0 a.m.16 views

Debian GNU/Linux (symlink attack in login) Arbitrary File Ownership PoC

No description provided by source. !/bin/bash - echo ' include string.h include stdlib.h include unistd.h include utmp.h include sys/types.h include stdio.h int mainint argc, char argv struct utmp entry; int i; entry.uttype=LOGINPROCESS; strcpyentry.utline,"/tmp/x"; entry.uttime=0;...

7.1AI score
Exploits0
Rows per page
Query Builder