15 matches found
CVE-2026-13201
CVE-2026-13201 concerns KubeVirt’s safepath package, where OpenAtNoFollow uses O_PATH|O_NOFOLLOW to obtain a descriptor for a path leaf, but downstream helpers access paths via /proc/self/fd/N. If the leaf is a symlink, the kernel dereferences it, bypassing intended no-follow protection. An attac...
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...
CLSA-2026-1778599722 Fix CVE(s): CVE-2026-4878
SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...
TencentOS Server 3: polkit (TSSA-2022:0032)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0032 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2021-4115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...
Amazon Linux 2022 : polkit, polkit-devel, polkit-libs (ALAS2022-2022-102)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-102 advisory. There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE:...
EulerOS Virtualization 2.9.0 : polkit (EulerOS-SA-2022-2206)
According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustio...
EulerOS Virtualization 2.10.0 : polkit (EulerOS-SA-2022-2033)
According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed...
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2061)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1850)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...
EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1874)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...
EulerOS 2.0 SP10 : polkit (EulerOS-SA-2022-1796)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...
EulerOS 2.0 SP8 : polkit (EulerOS-SA-2022-1580)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...