Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.11 views

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 3:36 p.m.14 views

EUVD-2026-30316

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:36 p.m.8 views

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.29 views

PT-2026-38381

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.30.0 Description The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2022/08/31 4:58 p.m.7 views

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

5.3CVSS6.6AI score0.02593EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/08/01 4:7 p.m.16 views

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

5.3CVSS6.6AI score0.02593EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/08/01 11:18 a.m.4 views

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

5.3CVSS6.6AI score0.02593EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2017/12/11 3:50 p.m.33 views

CVE-2017-17087

It was found that the swap file created by vim when opening a file was using the user's primary group instead of the file's group. An attacker belonging to the victim's primary group could use this flaw to read the vim swap file...

5.5CVSS1.7AI score0.00355EPSS
Exploits0References1
OSV
OSV
added 2017/12/01 8:29 a.m.2 views

UBUNTU-CVE-2017-17087

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group which may be different from the group ownership of the original file, which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by...

5.5CVSS6.7AI score0.00355EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2004/07/23 12:0 a.m.31 views

Fedora Core 2 : kernel-2.6.6-1.435.2.3 (2004-205)

During an audit of the Linux kernel, SUSE discovered a flaw in the Linux kernel that inappropriately allows an unprivileged user to change the group ID of a file to his/her own group ID. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2004-0497 to this...

2.1CVSS5.3AI score0.00801EPSS
Exploits6References2
RedHat Linux
RedHat Linux
added 2004/07/02 8:22 a.m.4 views

security flaw

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4...

2.1CVSS5.8AI score0.00801EPSS
Exploits6References4
Exploit DB
Exploit DB
added 2000/08/19 12:0 a.m.33 views

Minicom 1.82/1.83 - Capture-file Group Ownership

source: https://www.securityfocus.com/bid/1599/info Minicom is a unix terminal program often used for communication between computers with modems. It is often installed setgid uucp, as this access is required for regular users to use certain devices on the system. Through specifying a capture-fil...

7.4AI score
Exploits0
Rows per page
Query Builder