
31 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in unbound

Unbound from NLnet Labs, including versions up to and including 1.12.0, and NSD from NLnet Labs, including versions up to and including 4.3.3, contain a local vulnerability that allows for a local symlink attack. When creating the PID file, Unbound and NSD either create the file if it does not...

CVSS 5.5 | AI score 6.5 | EPSS 0.00484
Exploits 0 | References 2
Tenable Nessus
added 2026/05/27 12:00 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-48693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to...

CVSS 5.5 | AI score 5.9 | EPSS 0.00127
Exploits 0 | References 3
NVD
added 2026/05/26 5:16 p.m. | 20 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

CVSS 5.5 | EPSS 0.00127
Exploits 0 | References 4
OSV
added 2026/05/26 5:16 p.m. | 7 views

DEBIAN-CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

CVSS 5.5 | AI score 5.9 | EPSS 0.00127
Exploits 0 | References 1
UbuntuCve
added 2026/05/26 5:16 p.m. | 17 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

CVSS 5.5 | AI score 5.8 | EPSS 0.00127
Exploits 0 | References 5
Positive Technologies
added 2026/05/26 12:00 a.m. | 16 views

PT-2026-43311

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...

CVSS 5.5 | AI score 5.9 | EPSS 0.00127
Exploits 0 | References 6
CVE
added 2026/05/26 12:00 a.m. | 18 views

CVE-2026-48693

CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...

CVSS 5.5 | AI score 5.9 | EPSS 0.00127
Exploits 0 | References 4 | Affected Software 1
Debian CVE
added 2026/05/26 12:00 a.m. | 12 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

CVSS 5.5 | AI score 5.9 | EPSS 0.00127
Exploits 0
Tenable Nessus
added 2026/03/10 12:00 a.m. | 4 views

EulerOS 2.0 SP13 : python-virtualenv (EulerOS-SA-2026-1260)

According to the versions of the python-virtualenv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use)...

CVSS 4.5 | AI score 5.8 | EPSS 0.00085
Exploits 0 | References 2
Tenable Nessus
added 2026/01/14 12:00 a.m. | 5 views

MiracleLinux 3 : nss_db-2.2-35.4.AXS3 (AXSA:2010-227:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-227:01 advisory. Nssdb is a set of C library extensions which allow Berkeley Databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol,...

CVSS 1.9 | AI score 5.4 | EPSS 0.00376
Exploits 1 | References 2
NVD
added 2026/01/10 7:16 a.m. | 8 views

CVE-2026-22702

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

CVSS 4.5 | EPSS 0.00085
Exploits 0 | References 3
RedhatCVE
added 2025/10/10 1:31 a.m. | 4 views

CVE-2025-11489

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

CVSS 4.5 | AI score 5.7 | EPSS 0.00223
Exploits 1 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-1999-0838

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00534
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2022-1723

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.5 | EPSS 0.00432
Exploits 1 | References 3
Tenable Nessus
added 2025/09/10 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-18925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack. CVE-2017-18925...

CVSS 5.5 | AI score 5.9 | EPSS 0.00379
Exploits 1 | References 2
SUSE CVE
added 2023/02/15 5:45 a.m. | 6 views

SUSE CVE-2012-3378

The registerapplication function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in...

CVSS 3.3 | AI score 6.5 | EPSS 0.00313
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 3:51 a.m. | 1 view

SUSE CVE-2020-28935

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for...

CVSS 4.4 | AI score 6.5 | EPSS 0.00484
Exploits 0 | References 9
Tenable Nessus
added 2022/05/09 12:00 a.m. | 50 views

NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)

The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple vulnerabilities: - DISPUTED Unbound before 1.9.5 allows an integer overflow in the regional allocator via regionalalloc. NOTE: The vendor disputes that this is a vulnerability...

CVSS 9.8 | AI score 7.3 | EPSS 0.02179
Exploits 0 | References 23
Microsoft CVE
added 2020/12/09 12:00 a.m. | 4 views

Local symlink attack in Unbound and NSD

...

CVSS 5.5 | AI score 7 | EPSS 0.00484
Exploits 0
Veracode
added 2020/12/04 4:39 p.m. | 36 views

Denial Of Service (DoS)

nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...

CVSS 5.5 | AI score 3 | EPSS 0.00484
Exploits 0 | References 6 | Affected Software 4