Medium: redis6

Issue Overview: TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path. CVE-2025-9810 Affected Packages: redis6 Issue Correction: Run dnf...

Linux Distros Unpatched Vulnerability : CVE-2023-53290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out o...

SUSE CVE-2023-53290

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

DEBIAN-CVE-2023-53290

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

UBUNTU-CVE-2023-53290

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

CVE-2023-53290 samples/bpf: Fix fout leak in hbm's run_bpf_prog

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

CVE-2023-53290

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

CVE-2023-53290 samples/bpf: Fix fout leak in hbm's run_bpf_prog

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

CVE-2023-53290 samples/bpf: Fix fout leak in hbm's run_bpf_prog

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

PT-2025-37895

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the samples/bpf subsystem related to a file descriptor leak within the run bpf prog function of the hbm program. Specifically, a file descriptor...

Linux Distros Unpatched Vulnerability : CVE-2020-1918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In-memory file operations ie: using fopen on a data URI did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory...

CLSA-2025-1757014652 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861

SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/httpfopenwrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...

CVE-2025-9810

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...

CVE-2025-9810

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...

GTKWave LXT2 num_time_table_entries out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1819 GTKWave LXT2 numtimetableentries out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-34436 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 numtimetableentries functionality of GTKWave 3.3.115. A specially crafted .lxt2...

CVE-2023-47636 Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure FPD vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page...

pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document

Impact Full Path Disclosure FPD vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page source, require the attacker to have the full path to the file...

PT-2023-30526 · Pimcore · Pimcore Admin Classic Bundle

Name of the Vulnerable Software and Affected Versions: Pimcore Admin Classic Bundle versions prior to 1.2.1 Description: The issue allows an attacker to see the path to the webroot/file, which can be used in conjunction with other vulnerabilities, such as SQL Injection using the load file query, ...

Junos OS PHPRC Environment Variable Manipulation RCE

This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...

Internet Bug Bounty: [curl] CVE-2023-32001: fopen race condition

CVE-2023-32001 is a vulnerability in the curl library that allowed for a race condition between the stat and fopen functions. This race condition could be exploited to trick users into overwriting protected files or to steal sensitive data, such as cookies. The vulnerability was fixed in a recent...