Lucene search

43 matches found

CVE
added 2026/04/22 4:07 p.m., 14 views

CVE-2026-35342

CVE-2026-35342 affects the mktemp utility in the uutils coreutils project. The issue arises because the implementation does not treat an empty TMPDIR as a fallback to /tmp (unlike GNU mktemp); instead, it treats an empty string as a valid path, causing temporary files to be created in the current...

CVSS 3.3, AI score 5.7, EPSS 0.00132
Exploits 0, References 2, Affected Software 1
OSV
added 2026/03/11 4:03 p.m., 3 views

SUSE-SU-2026:20720-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992). - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm...

CVSS 9.8, AI score 6.5, EPSS 0.0071
Exploits 7, References 270
CNNVD
added 2026/02/08 12:00 a.m., 7 views

nginxWebUI code injection vulnerability

nginxWebUI is a nginx web configuration tool developed by cym1102 as an individual developer. Versions of nginxWebUI 4.3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter nginxDir in the file adminPage/conf/conf, which coul...

CVSS 5.4, AI score 5.7, EPSS 0.00264
Exploits 1, References 7
RedhatCVE
added 2026/01/22 3:13 p.m., 6 views

CVE-2025-71176

A flaw was found in pytest. This vulnerability allows local users to exploit insecure temporary directory handling, specifically the reliance on predictable directory names in /tmp/pytest-of-user. An attacker can leverage this to cause a denial of service (DoS) or potentially gain elevated privileg...

CVSS 6.8, AI score 5.2, EPSS 0.0014
Exploits 0, References 5
IBM Security Bulletins
added 2026/01/16 8:32 a.m., 11 views

Security Bulletin: Vulnerability in Perl affects IBM Netezza Appliance

Summary: The Perl package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs (CVE-2020-10543, CVE-2020-10878, CVE-2025-40909, CVE-2020-12723). Vulnerability Details: CVEID: CVE-2020-10543 DESCRIPTION: Perl before 5.30.3 on 32-bit platforms allows a heap-based...

CVSS 8.6, AI score 7.2, EPSS 0.11334
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/09/16 3:06 p.m., 6 views

Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)

Summary: Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations (CVE-2025-40909). AIX uses Perl in various operating system components. Vulnerability Details: CVEID: CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...

CVSS 5.9, AI score 6.4, EPSS 0.00368
Exploits 0, Affected Software 2
IBM AIX
added 2025/09/16 8:25 a.m., 24 views

AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)

IBM SECURITY ADVISORY First Issued: Tue Sep 16 08:25:08 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory11.asc Security Bulletin: AIX is vulnerable to a race condition in directory handling due to Perl CVE-2025-4090...

CVSS 5.9, AI score 6.4, EPSS 0.00368
Exploits 0
Veracode
added 2025/08/28 6:23 a.m., 5 views

Arbitrary File Write

tmp is vulnerable to arbitrary file/directory write. The vulnerability is due to improper handling of the dir parameter when creating temporary files/directories via symbolic link, which allows an attacker to create symbolic links and overwrite arbitrary files...

CVSS 5.3, AI score 6.7, EPSS 0.00309
Exploits 1, References 6, Affected Software 1
Tenable Nessus
added 2025/07/31 12:00 a.m., 6 views

Amazon Linux 2 : git (ALAS-2025-2941)

The version of git installed on the remote host is prior to 2.47.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2941 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be creat...

CVSS 8.6, AI score 8.1, EPSS 0.02775
Exploits 9, References 12
RedHat Linux
added 2025/07/29 8:53 a.m., 3 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

CVSS 5.9, AI score 7.2, EPSS 0.00368
Exploits 0, References 11
RedHat Linux
added 2025/07/28 2:32 a.m., 7 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

CVSS 5.9, AI score 7.2, EPSS 0.00368
Exploits 0, References 11
RedHat Linux
added 2025/07/28 2:24 a.m., 3 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

CVSS 5.9, AI score 7.2, EPSS 0.00368
Exploits 0, References 11
RedHat Linux
added 2025/07/22 6:22 p.m., 4 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

CVSS 5.9, AI score 7.2, EPSS 0.00368
Exploits 0, References 11
OSV
added 2025/06/20 12:42 p.m., 3 views

SUSE-SU-2025:02051-1 Security update for perl

This update for perl fixes the following issues: - CVE-2025-40909: do not change the current directory when cloning an open directory handle (bsc#1244079)...

CVSS 5.9, AI score 7.1, EPSS 0.00368
Exploits 0, References 3
NVD
added 2025/04/18 7:15 a.m., 17 views

CVE-2025-37785

In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir. Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read later on, when the corrupted directory is removed...

CVSS 7.1, EPSS 0.00226
Exploits 0, References 11
BDU FSTEC
added 2025/03/18 12:00 a.m., 9 views

The vulnerability of the FortiClient for MAC installer allows a perpetrator to execute arbitrary commands.

The vulnerability of the FortiClient for MAC installer is related to improper external management of the file name or path to the /tmp directory. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVSS 8.2, AI score 6.1, EPSS 0.00262
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2025/01/31 12:00 a.m., 5 views

The vulnerability of the Voyager PHP framework Laravel, related to errors in handling relative pathnames to directories, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Voyager PHP-framework Laravel relates to errors in handling relative pathnames to directories. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 9, AI score 8.1, EPSS 0.14586
Exploits 1, References 6, Affected Software 1
OSV
added 2025/01/30 7:20 p.m., 8 views

BIT-NODE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

CVSS 5.6, AI score 5.5, EPSS 0.01404
Exploits 1, References 4
Cvelist
added 2024/12/27 1:49 p.m., 19 views

CVE-2024-53177 smb: prevent use-after-free due to open_cached_dir error paths

In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to open_cached_dir error paths. If open_cached_dir() encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in open_cached_dir() freeing the...

EPSS 0.00229
Exploits 0, References 4
Rosalinux
added 2024/12/02 8:19 a.m., 15 views

Advisory ROSA-SA-2024-2537

Software: openjpeg2 2.4.0 OS: ROSA-CHROME packageevrstring: openjpeg2-2.4.0-3 CVE-ID: CVE-2022-1122 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A flaw has been discovered in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When the program fails ...

CVSS 5.5, AI score 7.1, EPSS 0.0156
Exploits 1