Lucene search

15 matches found

OSV
added 2026/05/06 11:23 p.m., 2 views

GHSA-CQMH-PCGR-Q42F @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary: Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions: Versions 1.3.2 and below. Impact: 1. Cache and...

CVSS 5.5, AI score 5.7
Exploits: 0, References: 2
RedhatCVE
added 2026/04/24 8:33 p.m., 3 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVSS 3.3, AI score 5.2, EPSS 0.00102
Exploits: 0, References: 2
NVD
added 2026/04/22 5:16 p.m., 1 views

CVE-2026-35373

A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...

CVSS 5.5, EPSS 0.00121
Exploits: 1, References: 1
CVE
added 2026/04/22 4:9 p.m., 10 views

CVE-2026-35373

The CVE-2026-35373 issue affects the ln utility in uutils/coreutils. A logic error causes ln to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (for example, ln SOURCE... DIRECTORY). Unlike GNU ln, which treats filenames as raw bytes, the uutils implement...

CVSS 5.5, AI score 5.7, EPSS 0.00121
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2026/04/22 12:0 a.m., 2 views

PT-2026-34509

A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...

CVSS 3.3, AI score 5.7, EPSS 0.00121
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-5704

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.02385
Exploits: 1, References: 5
Kitploit
added 2019/10/16 12:32 p.m., 867 views

Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go

Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just...

AI score 7.2
Exploits: 0, References: 2
RedHat Linux
added 2018/12/13 3:15 p.m., 2 views

postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask

This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of pg_dumpall -g in the current working directory. With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current...

CVSS 7, AI score 7.3, EPSS 0.00491
Exploits: 0, References: 5
Tenable Nessus
added 2018/09/27 12:0 a.m., 20 views

openSUSE Security Update : shadow (openSUSE-2018-1055)

This update for shadow fixes the following security issue: CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 (bsc#1106914). This update was imported from the SUSE:SLE-12-SP2:Update update project...

CVSS 7.8, AI score 6.8, EPSS 0.00301
Exploits: 0, References: 2
RedHat Linux
added 2018/08/27 8:35 a.m., 1 views

postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask

This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of pg_dumpall -g in the current working directory. With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current...

CVSS 7, AI score 7.3, EPSS 0.00491
Exploits: 0, References: 5
RedHat Linux
added 2018/08/20 10:51 a.m., 3 views

postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask

This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of pg_dumpall -g in the current working directory. With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current...

CVSS 7, AI score 7.3, EPSS 0.00491
Exploits: 0, References: 5
AlpineLinux
added 2018/02/09 2:0 p.m., 47 views

CVE-2018-1053

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of pg_dumpall -g under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which...

CVSS 7, AI score 6.8, EPSS 0.00491
Exploits: 0
Packet Storm
added 2014/05/29 12:0 a.m., 86 views

Check_MK Arbitrary File Disclosure

LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21: Check_MK - Arbitrary File Disclosure Vulnerability. Affected Versions: Linux versions of Check_MK equal or...

AI score 5.5, EPSS 0.00594
Exploits: 2
Prion
added 2007/10/30 11:46 p.m., 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details...

CVSS 7.5, AI score 8, EPSS 0.02385
Exploits: 1, References: 4
CVE
added 2007/10/30 11:0 p.m., 34 views

CVE-2007-5733

The CVE-2007-5733 entry describes an unrestricted file upload in Japanese PHP Gallery Hosting (upload/upload.php) when Open directory mode is enabled. The vulnerability allows remote attackers to upload and execute arbitrary PHP code by crafting a ServerPath parameter with a filename using a doub...

CVSS 7.5, AI score 7.6, EPSS 0.02385
Exploits: 1, References: 4, Affected Software: 1