Lucene search
K

13165 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 4:57 a.m.7 views

CVE-2026-10720

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 4:57 a.m.9 views

EUVD-2026-37990

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/19 1:10 a.m.9 views

[SECURITY] Fedora 43 Update: perl-HTTP-Daemon-6.17-1.fc43

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01231EPSS
Exploits0
Fedora
Fedora
added 2026/06/19 1:1 a.m.9 views

[SECURITY] Fedora 44 Update: perl-HTTP-Daemon-6.17-1.fc44

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01231EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/06/18 1:51 p.m.11 views

CVE-2026-12539 Docker Sandboxes ICMP egress restriction bypass after daemon restart

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.4AI score0.00097EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 1:51 p.m.17 views

CVE-2026-12539

Docker Sandboxes (sbx) ICMP egress restriction can be bypassed after daemon restart. The issue arises because the authorizer is applied only at network creation and is not re-applied to networks rebuilt from disk on restart, allowing a restart-surviving sandbox to forward ICMP to arbitrary hosts....

5.7CVSS5.5AI score0.00097EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 7:24 a.m.4 views

SUSE-SU-2026:2442-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issues: - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370...

9.1CVSS5.8AI score0.01231EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/17 2:1 p.m.4 views

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory vulnerability discovered by ? in WordPress Npm chrome-devtools-mcp versions = 0.20.0, = 1.0.1...

6.1CVSS5.8AI score0.00077EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.8 views

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

Summary The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDGRUNTIMEDIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-/daemon.pid. Because the write does not us...

6.1CVSS5.5AI score0.00077EPSS
Exploits1References2Affected Software1
Rockylinux
Rockylinux
added 2026/06/17 12:3 p.m.8 views

rsync security update

An update is available for rsync. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rsync utility enables the users to copy and synchronize files locally or...

8.1CVSS5.5AI score0.0078EPSS
Exploits0
NVD
NVD
added 2026/06/17 10:54 a.m.8 views

CVE-2026-46978

Vulnerability in the Oracle Solaris product of Oracle Systems component: Remote Administration Daemon. The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerabili...

10CVSS0.00307EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/17 8:44 a.m.11 views

[SECURITY] Fedora 44 Update: xen-4.21.1-4.fc44

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

9.1CVSS5.2AI score0.00474EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/06/17 6:0 a.m.7 views

rsync security update

An update is available for rsync. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rsync utility enables the users to copy and synchronize files locally or...

8.1CVSS5.6AI score0.0078EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.9 views

RockyLinux 9 : rsync (RLSA-2026:26410)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26410 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

8.1CVSS5.5AI score0.0078EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.6 views

Oracle Linux 8 : rsync (ELSA-2026-26408)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26408 advisory. - Integer overflow in compressed-token decoding CVE-2026-43618 Tenable has extracted the preceding description block directly from the Oracle Linux...

8.1CVSS5.5AI score0.0078EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 5:38 p.m.13 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/16 5:37 p.m.4 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/16 5:37 p.m.23 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.1CVSS5.5AI score0.0078EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 2:45 p.m.6 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
Rows per page
Query Builder