4 matches found
CVE-2026-43419
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in cephmdscbuildpath Add putname calls to error code paths that did not free the "path" pointer obtained by getname. If ownership of this pointer is not passed to the caller via pathinfo.path, the function...
EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2025-2326)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject...
GHSA-HRXH-9W67-G4CV Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
tl;dr: unprivileged user creates a symlink to /etc/sudoers, /etc/shadow or similar and waits for a privileged user or process to copy/backup/mirror users data using --links and --metadata. unprivileged user now owns /etc/sudoers. Summary Insecure handling of symlinks with --links and --metadata i...
CVE-2024-52522 Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target...