15 matches found

CVE
added last week, 6 views

CVE-2026-13201

CVE-2026-13201 concerns KubeVirt’s safepath package, where OpenAtNoFollow uses O_PATH|O_NOFOLLOW to obtain a descriptor for a path leaf, but downstream helpers access paths via /proc/self/fd/N. If the leaf is a symlink, the kernel dereferences it, bypassing intended no-follow protection. An attac...

CVSS 7.3 | AI score 6 | EPSS 0.00124
Exploits: 0 | References: 2

Qualys Blog
added 2026/05/20 3:40 p.m., 15 views

CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path

The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...

CVSS 7.1 | AI score 6.3 | EPSS 0.01241
Exploits: 6

OSV
added 2026/05/12 3:28 p.m., 4 views

CLSA-2026-1778599722 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

CVSS 7 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 1

Tenable Nessus
added 2025/06/16 12:0 a.m., 5 views

TencentOS Server 3: polkit (TSSA-2022:0032)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0032 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 5.5 | AI score 6.6 | EPSS 0.0053
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-4115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this...

CVSS 5.5 | AI score 6.5 | EPSS 0.0053
Exploits: 1 | References: 2

RedHat Linux
added 2022/11/21 4:21 p.m., 5 views

Mozilla: Symlinks may resolve to partially uninitialized buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...

CVSS 8.8 | AI score 7.2 | EPSS 0.00789
Exploits: 0 | References: 6

RedHat Linux
added 2022/11/21 12:51 p.m., 3 views

Mozilla: Symlinks may resolve to partially uninitialized buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...

CVSS 8.8 | AI score 7.2 | EPSS 0.00789
Exploits: 0 | References: 6

Tenable Nessus
added 2022/09/06 12:0 a.m., 36 views

Amazon Linux 2022 : polkit, polkit-devel, polkit-libs (ALAS2022-2022-102)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-102 advisory. There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE:...

CVSS 5.5 | AI score 6.6 | EPSS 0.0053
Exploits: 1 | References: 3

Tenable Nessus
added 2022/07/29 12:0 a.m., 23 views

EulerOS Virtualization 2.9.0 : polkit (EulerOS-SA-2022-2206)

According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustio...

CVSS 5.5 | AI score 6.6 | EPSS 0.0053
Exploits: 1 | References: 2

Tenable Nessus
added 2022/07/15 12:0 a.m., 50 views

EulerOS Virtualization 2.10.0 : polkit (EulerOS-SA-2022-2033)

According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed...

CVSS 7.8 | AI score 7.9 | EPSS 0.94921
Exploits: 152 | References: 3

OpenVAS
added 2022/07/14 12:0 a.m., 24 views

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2061)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.7 | EPSS 0.94921
Exploits: 152 | References: 4

Tenable Nessus
added 2022/06/15 12:0 a.m., 33 views

EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1850)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...

CVSS 5.5 | AI score 6.7 | EPSS 0.0053
Exploits: 1 | References: 2

Tenable Nessus
added 2022/06/15 12:0 a.m., 37 views

EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1874)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...

CVSS 5.5 | AI score 6.7 | EPSS 0.0053
Exploits: 1 | References: 2

Tenable Nessus
added 2022/06/06 12:0 a.m., 36 views

EulerOS 2.0 SP10 : polkit (EulerOS-SA-2022-1796)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...

CVSS 5.5 | AI score 6.7 | EPSS 0.0053
Exploits: 1 | References: 2

Tenable Nessus
added 2022/04/25 12:0 a.m., 28 views

EulerOS 2.0 SP8 : polkit (EulerOS-SA-2022-1580)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest...

CVSS 5.5 | AI score 6.7 | EPSS 0.0053
Exploits: 1 | References: 2