4274 matches found
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
CVE-2026-22676
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...
PT-2026-33175
Name of the Vulnerable Software and Affected Versions Barracuda RMM versions prior to 2025.2.2 Description An issue exists where overly permissive filesystem Access Control Lists ACLs on the 'C:WindowsAutomation' directory allow local attackers to gain SYSTEM-level privileges. Attackers can modif...
Security update for python-Django
This update for python-Django fixes the following issue: CVE-2026-25674: race condition can lead to potential incorrect permissions on newly created file system objects bsc1259142. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
nodejs:20 security update
An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
nodejs: Nodejs filesystem permissions bypass
A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-on...
nodejs: Nodejs filesystem permissions bypass
A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-on...
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...
ALSA-2026:2782 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...
RHEL 8 : nodejs:22 (RHSA-2026:2421)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2421 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Important: Red Hat Security Advisory: nodejs24 security update
An update for nodejs24 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Security update for nodejs22
This update for nodejs22 fixes the following issues: Security fixes: CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading to resource exhaustion bsc1256848 CVE-2026-21637: Fixed synchronous exceptions thrown during callbacks that bypass TLS error handling and causing denia...
CVE-2021-33214
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...
EUVD-2025-204659
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...
Nagios Log Server 安全漏洞
Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2026R1.0.1, which stems from an insecure interaction between sudo rules and filesystem permissions, which could le...
Node.js: FS Permissions Bypass
A flaw was discovered in Node.js's Permissions model that allowed attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory could escape the allowed path a...
EUVD-2019-10158
Malware in sbrugna...
EUVD-2019-10159
Malware in sbrugna...