Lucene search
K

46 matches found

OSV
OSV
added 2026/05/29 1:33 p.m.11 views

OESA-2026-2478 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 9:46 p.m.12 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References9
OSV
OSV
added 2026/05/19 12:0 a.m.18 views

ALSA-2026:19353 Important: opentelemetry-collector security update

Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path...

9.1CVSS7AI score0.01557EPSS
Exploits1References18
RedhatCVE
RedhatCVE
added 2026/05/13 8:21 a.m.11 views

CVE-2026-5958

A Time-of-Check Time-of-Use TOCTOU race condition was found in GNU sed. When the -i in-place and --follow-symlinks options are used together, sed resolves the symlink but reopens the path for writing. An attacker with write access to the directory containing the symlink can swap it between the...

6.3CVSS5.8AI score0.00142EPSS
Exploits0References3
OSV
OSV
added 2026/05/09 12:33 p.m.9 views

OESA-2026-2284 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:33 p.m.9 views

OESA-2026-2283 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:33 p.m.11 views

OESA-2026-2282 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:33 p.m.8 views

OESA-2026-2281 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 10:19 p.m.7 views

GHSA-8CXW-CC62-Q28V ciguard: discover_pipeline_files follows symlinks out of scan root

Summary The discoverpipelinefiles function in src/ciguard/discovery.py introduced in v0.8.0 and used by the MCP scanrepo tool shipped in v0.8.1 walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory...

2.4CVSS5.8AI score0.00158EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/05 10:19 p.m.11 views

ciguard: discover_pipeline_files follows symlinks out of scan root

Summary The discoverpipelinefiles function in src/ciguard/discovery.py introduced in v0.8.0 and used by the MCP scanrepo tool shipped in v0.8.1 walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory...

3.2CVSS5.8AI score0.00158EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-37316

Name of the Vulnerable Software and Affected Versions ciguard versions 0.8.0 through 0.8.1 Description The discover pipeline files function in src/ciguard/discovery.py improperly handles symlinks when walking a directory tree. An attacker who can place a symlink in a directory being scanned can...

3.2CVSS5.8AI score0.00158EPSS
Exploits0References8
OSV
OSV
added 2026/04/27 5:38 p.m.14 views

JLSEC-2026-213 When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function...

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.6AI score0.00142EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/04/20 11:29 p.m.9 views

SUSE CVE-2026-5958

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/20 12:32 p.m.4 views

EUVD-2026-23834

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3
NVD
NVD
added 2026/04/20 12:16 p.m.6 views

CVE-2026-5958

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 11:59 a.m.3 views

CVE-2026-5958 Race Condition in GNU Sed

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 11:59 a.m.40 views

CVE-2026-5958 Race Condition in GNU Sed

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS0.00142EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 11:59 a.m.82 views

CVE-2026-5958

The CVE concerns GNU sed. When sed is invoked with both -i (in-place edit) and --follow-symlinks, open_next_file() performs two non-atomic operations on the same path: (1) resolve the symlink to its target and store the resolved path, and (2) open the original symlink path to read the file. A rac...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:59 a.m.6 views

CVE-2026-5958

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/20 11:59 a.m.6 views

CVE-2026-5958

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.6AI score0.00142EPSS
Exploits0
Rows per page
Query Builder