18 matches found
CVE-2026-35362
The CVE-2026-35362 entry concerns the safe_traversal module in uutils coreutils, which is described as failing to provide TOCTOU protections on non-Linux Unix-like systems (e.g., macOS, FreeBSD). The vulnerability, as stated, affects directory traversal operations due to the lack of these protect...
CVE-2026-35362 uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
CVE-2026-35362 uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
PT-2026-34498
The safe traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
Linux Distros Unpatched Vulnerability : CVE-2026-35362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relativ...
CVE-2026-41035
CVE-2026-41035 affects rsync versions 3.0.1 through 3.4.1. The vulnerability stems from receive_xattr using an untrusted length value during a qsort, causing a receiver use-after-free when the -X/--xattrs option is used. Impact is described as low for confidentiality/integrity/availability, with ...
Moderate: Red Hat Enhancement Advisory: Red Hat OpenShift Pipelines Client tkn for 1.16.0 release
Red Hat OpenShift Pipelines Client tkn for 1.16.0 has been released. Red Hat OpenShift Pipelines Client, tkn for the 1.16.0 release, provides a CLI tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.16.0. The tkn CLI tool is delivered as an RPM...
Moderate: Red Hat Security Advisory: Release of openshift-serverless-clients kn 1.33.1 security update and bug fixes
Red Hat openshift-serverless-clients kn 1.33.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Enhancement Advisory: Red Hat OpenShift Pipelines Client tkn for 1.15.0 release
Red Hat OpenShift Pipelines Client tkn for 1.15.0 has been released. Red Hat OpenShift Pipelines Client, tkn for the 1.15.0 release, provides a CLI tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.15.0. The tkn CLI tool is delivered as an RPM...
GHSA-W5W5-8VFH-XCJQ whoami stack buffer overflow on several Unix platforms
With versions of the whoami crate = 0.5.3 and = 0.5.3 and 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the passwd struct on those platforms...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in NuGet where a race condition can lead to a symlink attack. Note: Non-Linux platforms are not affected. Remediation: Upgrade NuGet.CommandLine to version 5.11.5, 6.0.5, 6.2.4, 6.3.3,...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in NuGet where a race condition can lead to a symlink attack. Note: Non-Linux platforms are not affected. Remediation: There is no fixed version for Microsoft.Build.NuGetSdkResolver...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in NuGet where a race condition can lead to a symlink attack. Note: Non-Linux platforms are not affected. Remediation: Upgrade NuGet.Common to version 5.11.5, 6.0.5, 6.2.4, 6.3.3, 6.4.2,...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in NuGet where a race condition can lead to a symlink attack. Note: Non-Linux platforms are not affected. Remediation: Upgrade NuGet.PackageManagement to version 5.11.5, 6.0.5, 6.2.4,...
PT-2020-13280
Name of the Vulnerable Software and Affected Versions: WordPress Plugin Simple File List versions prior to 4.2.8. Description: The issue arises from the application's failure to properly verify user-supplied input, allowing attackers to delete arbitrary files. This is particularly problematic in cas...
KasperskyOS — Secure Operating System released for IoT and Embedded Systems
Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS, a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating...
Antivirus Firm Kaspersky launches Its Own Secure Operating System
The popular cyber security and antivirus company Kaspersky has unveiled its new hack-proof operating system: Kaspersky OS. The new operating system has been in development for the last 14 years, and the company chose to design it from scratch rather than relying on Linux. Kaspersky OS makes its debut on a...
hugetlbfs use may crash PV Linux guests
ISSUE DESCRIPTION: Huge 2Mb pages are generally unavailable to PV guests. Since x86 Linux pvops-based kernels are generally multi purpose, they would normally be built with hugetlbfs support enabled. Use of that functionality by an application in a PV guest would cause an infinite page fault loop,...