Lucene search
K

58 matches found

Snyk
Snyk
added 2026/06/11 5:10 p.m.9 views

Directory Traversal

Overview @hapi/inert is a Static file and directory handlers plugin for hapi.js Affected versions of this package are vulnerable to Directory Traversal via the confine option. An unauthenticated remote attacker can access files outside the intended directory by crafting requests that exploit...

8.2CVSS6.3AI score0.00062EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/03/18 8:8 a.m.18 views

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 CVSS score: 7.8, the issue could allow an attacker to seize control of a susceptible system. "This flaw...

7.8CVSS6.3AI score0.00383EPSS
Exploits7
Qualys Blog
Qualys Blog
added 2026/03/17 7:20 p.m.12 views

CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root

The Qualys Threat Research Unit has identified a Local Privilege Escalation LPE vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw CVE-2026-3888 allows an unprivileged local attacker to escalate privileges to full root access through the interaction...

7.8CVSS6.6AI score0.00383EPSS
Exploits7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0335

Malicious code in bioql PyPI...

7.8CVSS7.1AI score0.00384EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2014-3248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera...

6.2CVSS6.7AI score0.00537EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/06 12:47 a.m.9 views

CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

7.8CVSS6.7AI score0.00384EPSS
Exploits2References1
Redos
Redos
added 2024/02/26 12:0 a.m.30 views

ROS-20240226-01

A vulnerability in the mustmkdirandopenwithperms function of the snap-confine utility is related to synchronization errors when using a shared resource "Race Situation". Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...

7.8CVSS7.8AI score0.00384EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2024/01/08 6:30 p.m.26 views

snapd Race Condition vulnerability

Race condition in snap-confine's mustmkdirandopenwithperms...

7.8CVSS7AI score0.00384EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2024/01/08 6:30 p.m.30 views

GHSA-CJQF-877P-7M3F snapd Race Condition vulnerability

Race condition in snap-confine's mustmkdirandopenwithperms...

9CVSS7AI score0.00384EPSS
Exploits2References7
NVD
NVD
added 2024/01/08 6:15 p.m.22 views

CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

7.8CVSS7.5AI score0.00384EPSS
Exploits2References2
OSV
OSV
added 2024/01/08 6:15 p.m.4 views

DEBIAN-CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

7CVSS7.3AI score0.00384EPSS
Exploits2References1
Prion
Prion
added 2024/01/08 6:15 p.m.25 views

Race condition

Race condition in snap-confine's mustmkdirandopenwithperms...

3.5CVSS7AI score0.00384EPSS
Exploits2References2Affected Software2
Vulnrichment
Vulnrichment
added 2024/01/08 6:4 p.m.8 views

CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

7.8CVSS7.1AI score0.00384EPSS
Exploits2References2
CVE
CVE
added 2024/01/08 6:4 p.m.1268 views

CVE-2022-3328

CVE-2022-3328 documents a race condition in snap-confine's must_mkdir_and_open_with_perms(), tied to snapd. Connected entries (GHSA-CJQF-877P-7M3F, OSV entries, Debian/Ubuntu advisories) describe a snapd race condition affecting components like snap-confine, with the core issue described as a rac...

7.8CVSS6.6AI score0.00384EPSS
Exploits2References2Affected Software2
Cvelist
Cvelist
added 2024/01/08 6:4 p.m.36 views

CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

7.8CVSS7.7AI score0.00384EPSS
Exploits2References2
OSV
OSV
added 2024/01/08 6:4 p.m.33 views

CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

7.8CVSS6.8AI score0.00384EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.7 views

SUSE CVE-2019-11502

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory...

7.5CVSS7.4AI score0.02486EPSS
Exploits1References4
0day.today
0day.today
added 2022/12/10 12:0 a.m.928 views

Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability

Qualys discovered a race condition CVE-2022-3328 in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability which was introduced in February 2022 by the patch for CVE-2021-44731 and detail how they exploited it in Ubuntu Server ...

7.8CVSS7.6AI score0.00952EPSS
Exploits9
Packet Storm
Packet Storm
added 2022/12/09 12:0 a.m.461 views

snap-confine must_mkdir_and_open_with_perms() Race Condition

Qualys Security Advisory Race condition in snap-confine's mustmkdirandopenwithperms CVE-2022-3328 ======================================================================== Contents ======================================================================== Summary Background Exploitation...

7.8CVSS7.5AI score0.00952EPSS
Exploits9
The Hacker News
The Hacker News
added 2022/12/05 7:40 a.m.104 views

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported...

7.8CVSS1.1AI score0.02398EPSS
Exploits7
Rows per page
Query Builder