16 matches found
CVE-2026-25710
The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...
CVE-2026-25710
The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...
MiracleLinux 9 : pmix-3.2.3-5.el9 (AXSA:2024-8100:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8100:01 advisory. pmix: race condition allows attackers to obtain ownership of arbitrary files CVE-2023-41915 Tenable has extracted the preceding description block directly fr...
CLSA-2025-1763123299 pmix: Fix of CVE-2023-41915
CVE-2023-41915: prevent attackers from obtaining ownership of arbitrary files by fixing race condition during execution of library code with UID 0...
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Summary Short summary of the problem. Make the impact and severity as clear as possible. It is possible to trick the virt-handler component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID 107 due to mishandling of symlinks when determining the roo...
EUVD-2018-13783
Malware in sbrugna...
Nix、lix和GNU Guix 竞争条件问题漏洞
GNU Guix is a product of the U.S. et all is a product of the U.S. GNU community.GNU Guix is an open source, cross-platform program package manager. lix et all is a product of the lix open source.lix is a package manager.Nix et all is a product of the Nix open source.Nix is a powerful package...
RLSA-2024:2199 Important: pmix security update
The Process Management Interface PMI provides process management functions for MPI implementations. PMI Exascale PMIx provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fixes: pmix: race condition allows attacker...
USN-6434-1 pmix vulnerability
Francois Diakhate discovered that PMIx did not properly handle race conditions in the pmix library, which could lead to unwanted privilege escalation. An attacker could possibly use this issue to obtain ownership of an arbitrary file on the filesystem, under the default configuration of the...
AZL-29702 CVE-2023-41915 affecting package pmix for versions less than 4.1.3-1
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...
UBUNTU-CVE-2023-41915
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...
OPENSUSE-SU-2020:0015-1 Security update for trousers
This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package bsc1157651. This update was imported from the...
CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. Th...
GNU Coreutils Arbitrary File Modification Vulnerability
GNU Coreutils GNU Core Utilities, GNU Core Utilities is a package developed by the GNU Project that contains several basic tools required for Unix-like applications, such as textutils textutils, shellutils shell utilities, fileutils file utilities, and so on. A security vulnerability exists in GN...
Debian GNU/Linux (symlink attack in login) Arbitrary File Ownership PoC
No description provided by source. !/bin/bash - echo ' include string.h include stdlib.h include unistd.h include utmp.h include sys/types.h include stdio.h int mainint argc, char argv struct utmp entry; int i; entry.uttype=LOGINPROCESS; strcpyentry.utline,"/tmp/x"; entry.uttime=0;...
Debian GNU/Linux (symlink attack in login) Arbitrary File Ownership PoC
No description provided by source. !/bin/bash - echo ' include string.h include stdlib.h include unistd.h include utmp.h include sys/types.h include stdio.h int mainint argc, char argv struct utmp entry; int i; entry.uttype=LOGINPROCESS; strcpyentry.utline,"/tmp/x"; entry.uttime=0;...