Lucene search
K

796 matches found

Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS0.00136EPSS
Exploits0References5
CVE
CVE
added 6 days ago8 views

CVE-2026-59946

CVE-2026-59946 affects Composer (PHP dependency manager). A bin entry containing trailing .. path segments could resolve outside the package install directory, enabling the binary installation flow to chmod an existing host file to world-readable/world-executable during composer install, update, ...

6.1CVSS5.9AI score0.00136EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6.8AI score0.00292EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/06 7:27 p.m.6 views

EUVD-2026-24965

chmod: recursive mode returns exit code 0 even when some files fail last-file-wins...

5.5CVSS6AI score0.00143EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 5:41 p.m.12 views

EUVD-2026-24963

chmod: --preserve-root bypassed by any path that resolves to root e.g. /../...

7.3CVSS5.9AI score0.00175EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6.7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.6 views

Important: Red Hat Security Advisory: Satellite 6.17.9 Async Update

A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS7.1AI score0.00671EPSS
Exploits0References9
OSV
OSV
added 2026/06/26 8:53 p.m.5 views

GHSA-RHQ6-9RGH-V45C Pterodactyl Wings: Chmod operation can be used to change permissions of files outside of the server container

In wings/internal/ufs/fsunix.go line 92-94, this function is defined and is used to change permissions of files in the server: go func fs UnixFS fchmodatop string, dirfd int, name string, mode FileMode error return ensurePathErrorunix.Fchmodatdirfd, name, uint32mode, 0, op, name This call to the...

5CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

RHEL 9 : Satellite 6.18.6 Async Update (Important) (RHSA-2026:28385)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28385 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

8.9CVSS6.8AI score0.00534EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

RHEL 9 : gvisor-tap-vsock (RHSA-2026:28038)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28038 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vso...

7.5CVSS6AI score0.00621EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/22 8:59 p.m.11 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 8:40 p.m.3 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 3:17 a.m.8 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.8AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 3:17 a.m.8 views

Moderate: Red Hat Security Advisory: yggdrasil-worker-package-manager security update

An update for yggdrasil-worker-package-manager is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

6.4CVSS5.9AI score0.00292EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/19 6:4 a.m.11 views

yggdrasil-worker-package-manager security update

An update is available for yggdrasil-worker-package-manager. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list yggdrasil-worker-package-manager is a simple packag...

6.4CVSS7.1AI score0.00292EPSS
Exploits0
OSV
OSV
added 2026/06/19 6:4 a.m.8 views

RLSA-2026:25999 Moderate: yggdrasil-worker-package-manager security update

yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that matc...

7.8CVSS5.9AI score0.00292EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.20 views

Important: Red Hat Security Advisory: Satellite 6.16.9 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS7.7AI score0.01557EPSS
Exploits3References11
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.2AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/15 3:3 p.m.22 views

Moderate: Red Hat Security Advisory: yggdrasil-worker-package-manager security update

An update for yggdrasil-worker-package-manager is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References2
Rows per page
Query Builder