12 matches found
CVE-2026-42590
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
EUVD-2026-30316
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
CVE-2026-42590
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
PT-2026-38381
Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.30.0 Description The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...
golang: syscall: faccessat checks wrong group
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...
golang: syscall: faccessat checks wrong group
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...
golang: syscall: faccessat checks wrong group
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...
CVE-2017-17087
It was found that the swap file created by vim when opening a file was using the user's primary group instead of the file's group. An attacker belonging to the victim's primary group could use this flaw to read the vim swap file...
UBUNTU-CVE-2017-17087
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group which may be different from the group ownership of the original file, which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by...
Fedora Core 2 : kernel-2.6.6-1.435.2.3 (2004-205)
During an audit of the Linux kernel, SUSE discovered a flaw in the Linux kernel that inappropriately allows an unprivileged user to change the group ID of a file to his/her own group ID. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2004-0497 to this...
security flaw
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4...
Minicom 1.82/1.83 - Capture-file Group Ownership
source: https://www.securityfocus.com/bid/1599/info Minicom is a unix terminal program often used for communication between computers with modems. It is often installed setgid uucp, as this access is required for regular users to use certain devices on the system. Through specifying a capture-fil...