31 matches found
Astra Linux – Vulnerability in unbound
Unbound from NLnet Labs, including versions up to and including 1.12.0, and NSD from NLnet Labs, including versions up to and including 4.3.3, contain a local vulnerability that allows for a local symlink attack. When creating the PID file, Unbound and NSD either create the file if it does not...
Linux Distros Unpatched Vulnerability : CVE-2026-48693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to...
CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...
DEBIAN-CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...
CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...
PT-2026-43311
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...
CVE-2026-48693
CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...
CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...
EulerOS 2.0 SP13 : python-virtualenv (EulerOS-SA-2026-1260)
According to the versions of the python-virtualenv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...
MiracleLinux 3 : nss_db-2.2-35.4.AXS3 (AXSA:2010-227:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-227:01 advisory. Nssdb is a set of C library extensions which allow Berkeley Databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol,...
CVE-2026-22702
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2025-11489
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...
EUVD-1999-0838
Malware in sbrugna...
EUVD-2022-1723
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-18925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack. CVE-2017-18925...
SUSE CVE-2012-3378
The registerapplication function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in...
SUSE CVE-2020-28935
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for...
NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)
The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple vulnerabilities: - DISPUTED Unbound before 1.9.5 allows an integer overflow in the regional allocator via regionalalloc. NOTE: The vendor disputes that this is a vulnerability...
Local symlink attack in Unbound and NSD
...
Denial Of Service (DoS)
nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...