Lucene search
+L

10 matches found

osv
osv
added 2026/07/08 2:55 p.m.4 views

CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS6.2AI score0.00329EPSS
Exploits0References6
nvd
nvd
added 2026/06/13 3:16 a.m.18 views

CVE-2026-54230

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7.8CVSS0.0014EPSS
Exploits0References3
euvd
euvd
added 2026/06/10 5:3 a.m.13 views

EUVD-2026-35982

A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...

7.3CVSS5.6AI score0.00161EPSS
Exploits0References2
cve
cve
added 2026/06/10 5:3 a.m.44 views

CVE-2026-11837

CVE-2026-11837 describes a local privilege escalation in the ansible.posix authorized_key module. The keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when handling SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/...

7.3CVSS5.6AI score0.00161EPSS
Exploits0References3
osv
osv
added 2026/05/05 9:6 p.m.10 views

CLSA-2026-1777944214 libcap: Fix of CVE-2026-4878

CVE-2026-4878: fix TOCTOU race in capsetfile by performing xattr writes via an ONOFOLLOW file descriptor instead of the user-supplied path...

7CVSS5.8AI score0.00188EPSS
Exploits1References1
osv
osv
added 2026/05/05 12:43 a.m.15 views

CLSA-2026-1777941808 libcap: Fix of CVE-2026-4878

CVE-2026-4878: fix TOCTOU race in capsetfile by performing xattr writes via an ONOFOLLOW file descriptor instead of the user-supplied path...

7CVSS5.8AI score0.00188EPSS
Exploits1References1
osv
osv
added 2026/04/22 6:31 p.m.4 views

GHSA-HPFW-MQM3-33JH uutils coreutils has a Link Following issue

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

4.7CVSS5.9AI score0.00105EPSS
Exploits1References3
nvd
nvd
added 2026/04/22 5:16 p.m.10 views

CVE-2026-35359

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

4.7CVSS0.00105EPSS
Exploits1References1
alpinelinux
alpinelinux
added 2026/04/08 1:6 a.m.4 views

CVE-2026-32282

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the ATSYMLINKNOFOLLOW flag, which Root.Chmod uses to...

6.4CVSS5.8AI score0.00292EPSS
Exploits0
githubexploit
githubexploit
added 2026/01/24 8:38 a.m.159 views

CVE-2026-D0cker

CVE-2026-Pending: Container Escape via runC maskPaths Vunlerab...

5.8AI score
Exploits0
Rows per page
Query Builder