58 matches found
Directory Traversal
Overview @hapi/inert is a Static file and directory handlers plugin for hapi.js Affected versions of this package are vulnerable to Directory Traversal via the confine option. An unauthenticated remote attacker can access files outside the intended directory by crafting requests that exploit...
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 CVSS score: 7.8, the issue could allow an attacker to seize control of a susceptible system. "This flaw...
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
The Qualys Threat Research Unit has identified a Local Privilege Escalation LPE vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw CVE-2026-3888 allows an unprivileged local attacker to escalate privileges to full root access through the interaction...
EUVD-2024-0335
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2014-3248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera...
CVE-2022-3328
Race condition in snap-confine's mustmkdirandopenwithperms...
ROS-20240226-01
A vulnerability in the mustmkdirandopenwithperms function of the snap-confine utility is related to synchronization errors when using a shared resource "Race Situation". Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...
snapd Race Condition vulnerability
Race condition in snap-confine's mustmkdirandopenwithperms...
GHSA-CJQF-877P-7M3F snapd Race Condition vulnerability
Race condition in snap-confine's mustmkdirandopenwithperms...
CVE-2022-3328
Race condition in snap-confine's mustmkdirandopenwithperms...
DEBIAN-CVE-2022-3328
Race condition in snap-confine's mustmkdirandopenwithperms...
Race condition
Race condition in snap-confine's mustmkdirandopenwithperms...
CVE-2022-3328
Race condition in snap-confine's mustmkdirandopenwithperms...
CVE-2022-3328
CVE-2022-3328 documents a race condition in snap-confine's must_mkdir_and_open_with_perms(), tied to snapd. Connected entries (GHSA-CJQF-877P-7M3F, OSV entries, Debian/Ubuntu advisories) describe a snapd race condition affecting components like snap-confine, with the core issue described as a rac...
CVE-2022-3328
Race condition in snap-confine's mustmkdirandopenwithperms...
CVE-2022-3328
Race condition in snap-confine's mustmkdirandopenwithperms...
SUSE CVE-2019-11502
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory...
Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability
Qualys discovered a race condition CVE-2022-3328 in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability which was introduced in February 2022 by the patch for CVE-2021-44731 and detail how they exploited it in Ubuntu Server ...
snap-confine must_mkdir_and_open_with_perms() Race Condition
Qualys Security Advisory Race condition in snap-confine's mustmkdirandopenwithperms CVE-2022-3328 ======================================================================== Contents ======================================================================== Summary Background Exploitation...
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported...