Lucene search
K

109 matches found

OSV
OSV
added 2026/06/30 2:16 a.m.4 views

UBUNTU-CVE-2026-58302

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 1:9 a.m.19 views

CVE-2026-58302

CVE-2026-58302 affects the LinuxCNC project, specifically the rtapi_app in linuxcnc-uspace prior to version 2.9.9. The binary is installed with SUID root and loads shared library modules via dlopen() using a user-supplied module name. The validation of the module name is insufficient, allowing pa...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 1:9 a.m.32 views

CVE-2026-58302

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS0.00152EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 1:9 a.m.3 views

CVE-2026-58302

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS6AI score0.00152EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 7:1 p.m.8 views

MAL-2026-6535 Malicious code in disksweep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a2c10aba7f3468458529214868e2d8acd9717eb7985c47ab10cf4aed64f87c The package ships a 2.9 MB Windows PE32+ executable at bin/native/parser.node sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3...

5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 7:46 p.m.10 views

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.4AI score0.00529EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.12 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from an incorrect operation of the parameter devname in the function dlopen within t...

7.5CVSS7.3AI score0.01572EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.3 views

ruby: dlopen could open a library with tainted library name

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

8.4CVSS7.2AI score0.005EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: dlopen could open a library with tainted library name

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.5CVSS6.7AI score0.07766EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: missing "taintness" checks in dl module

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

7.5CVSS7AI score0.13666EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.3 views

ruby: dlopen could open a library with tainted library name

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.5CVSS6.7AI score0.07766EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.4 views

ruby: missing "taintness" checks in dl module

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

7.5CVSS7AI score0.13666EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.3 views

ruby: dlopen could open a library with tainted library name

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

8.4CVSS7.2AI score0.005EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: dlopen could open a library with tainted library name

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.5CVSS6.7AI score0.07766EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: missing "taintness" checks in dl module

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

7.5CVSS7AI score0.13666EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-005215)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005215 advisory. Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library...

7.8CVSS5.9AI score0.00557EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : glibc-2.28-251.el8_10.22 (AXSA:2025-10009:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10009:07 advisory. glibc: static setuid binary dlopen may incorrectly search LDLIBRARYPATH CVE-2025-4802 Tenable has extracted the preceding description block directly from th...

7.8CVSS7.6AI score0.00557EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : glibc-2.34-168.el9_6.19 (AXSA:2025-10672:12)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10672:12 advisory. glibc: static setuid binary dlopen may incorrectly search LDLIBRARYPATH CVE-2025-4802 Tenable has extracted the preceding description block directly from th...

7.8CVSS7AI score0.00557EPSS
Exploits1References2
Rows per page
Query Builder