
7 matches found

Vulnrichment
added 2026/04/22 4:8 p.m., 2 views

CVE-2026-35357 uutils coreutils cp Information Disclosure via Permission Handling Race

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file...

CVSS 4.7 | AI score 5.7 | EPSS 0.00012
Exploits: 1 | References: 1
RedHat Linux
added 2024/05/30 8:24 p.m., 2 views

zstd: Race condition allows attacker to access world-readable destination file

A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input, potentially leading to security issues, especially if large files are being handled...

CVSS 4.7 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 4
CNVD
added 2015/12/30 12:0 a.m., 1 views

Samba Bypass Access Privilege Vulnerability (CNVD-2015-08520)

Samba is a set of programs that implement the SMB (Server Messages Block) protocol, providing cross-platform file sharing and print sharing services. An access privilege bypass vulnerability exists in Samba versions 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3. The vulnerability allows an...

CVSS 7.2 | AI score 7.8 | EPSS 0.17749
Exploits: 1 | References: 1
Zero Day Initiative
added 2015/09/23 12:0 a.m., 25 views

Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, which does not properly require that users...

CVSS 7.5 | AI score 9.5 | EPSS 0.77795
Exploits: 13 | References: 1
Prion
added 2013/11/23 6:55 p.m., 18 views

Information disclosure

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using th...

CVSS 3.7 | AI score 6.3 | EPSS 0.00118
Exploits: 1 | References: 5 | Affected Software: 2
exploitpack
added 2013/10/22 12:0 a.m., 12 views

ARRIS DG860A - NVRAM Backup Password Disclosure

#!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text...

AI score 0.4
Exploits: 0
Packet Storm
added 2013/10/18 12:0 a.m., 38 views

ARRIS DG860A NVRAM Backup Compressor / Decompressor

#!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.da...

AI score 0.7
Exploits: 0