16 matches found
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the use of a predictable temporary file path in the screenshot handling process. An attacker can cause truncation and ownership changes of arbitrary files by pre-placing symlinks in the /tmp...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the use of a predictable temporary file path in the screenshot handling process. An attacker can cause truncation and ownership changes of arbitrary files by pre-placing symlinks in the /tmp...
Incus vulnerable to local privilege escalation through VM screenshot path
Summary Incus provides an API to retrieve VM screenshots, that API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As Incus uses predictable paths under /tmp for this, an attacker with local access to the...
GHSA-Q9VP-3WCG-8P4X Incus vulnerable to local privilege escalation through VM screenshot path
Summary Incus provides an API to retrieve VM screenshots, that API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As Incus uses predictable paths under /tmp for this, an attacker with local access to the...
Linux Distros Unpatched Vulnerability : CVE-2026-33711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QE...
DEBIAN-CVE-2026-33711
Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable...
CVE-2026-33711 Incus vulnerable to local privilege escalation through VM screenshot path
Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable...
PT-2026-28510
Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, has an issue in its API for retrieving VM screenshots. This API uses a temporary file for QEMU to write the screenshot to, which is then sent to...
SUSE CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. Th...
SUSE CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...
CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protectedsymlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...
UBUNTU-CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protectedsymlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...
keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...
DEBIAN-CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...
UBUNTU-CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...
UBUNTU-CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. Th...