35 matches found

RedHat Linux
added 2026/06/10 12:31 p.m. | 8 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS 6.5 | AI score 5.4 | EPSS 0.00904
Exploits: 0 | References: 5
EUVD
added 2026/05/28 5:0 p.m. | 10 views

EUVD-2026-32975

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 5
EUVD
added 2026/05/27 3:33 p.m. | 11 views

EUVD-2026-32312

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS 6.5 | AI score 5.7 | EPSS 0.00904
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/27 12:9 p.m. | 3 views

CVE-2026-2340

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS 6.5 | AI score 5.8 | EPSS 0.00904
Exploits: 0 | References: 13
RedhatCVE
added 2026/05/27 10:44 a.m. | 11 views

CVE-2026-2340

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS 6.5 | AI score 5.7 | EPSS 0.00904
Exploits: 0 | References: 4
SUSE CVE
added 2026/05/27 2:53 a.m. | 15 views

SUSE CVE-2026-2340

A flaw was found in Samba's vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS 6.5 | AI score 5.7 | EPSS 0.00904
Exploits: 0 | References: 13
Github Security Blog
added 2026/05/04 7:21 p.m. | 14 views

Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move

Summary Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileNam...

CVSS 8.2 | AI score 5.8 | EPSS 0.00347
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/04/20 7:9 p.m. | 18 views

CVE-2026-6257

CVE-2026-6257 affects Vvveb CMS v1.0.8. A missing return in the file rename handler in the media management module enables an authenticated user to perform a two-step file-rename: first upload a text file, rename to “.htaccess” to inject PHP MIME-type directives, then rename another file to “.php...

CVSS 9.2 | AI score 6.6 | EPSS 0.00633
Exploits: 0 | References: 2
OSV
added 2026/04/10 8:0 p.m. | 2 views

GHSA-2943-CRP8-38XX goshs is Missing Write Protection for Parametric Data Values

Summary The SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. Details Here is the issue: go // helper.go:155-215 func cmdFileroot string, r sftp.Request, ip string, sftpServer SFTPServer error fullPath...

CVSS 7.7 | AI score 5.8 | EPSS 0.00318
Exploits: 1 | References: 5
Positive Technologies
added 2026/04/10 12:0 a.m. | 6 views

PT-2026-32038

Name of the Vulnerable Software and Affected Versions: goshs versions 1.0.7 through 2.0.0-beta.4
Description: goshs is a SimpleHTTPServer written in Go. The SFTP command rename sanitizes only the source path and not the destination, allowing a write outside of the root directory of the SFTP. This...

CVSS 7.7 | AI score 6.4 | EPSS 0.00318
Exploits: 1 | References: 14
CVE
added 2026/01/01 4:14 p.m. | 28 views

CVE-2025-48769

CVE-2025-48769 affects Apache NuttX RTOS. The flaw is a Use-After-Free in the fs/vfs/fs_rename code caused by a recursive implementation reusing a single buffer across two pointers, enabling arbitrary user-provided buffer reallocations and writes to a freed heap chunk. In affected scenarios, this...

CVSS 8.1 | AI score 7.2 | EPSS 0.01514
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/12/06 5:55 p.m. | 8 views

CVE-2025-34262

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

CVSS 5.4 | AI score 5.4 | EPSS 0.00175
Exploits: 0 | References: 1
EUVD
added 2025/11/19 5:26 p.m. | 8 views

EUVD-2025-198234

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

CVSS 6.5 | AI score 6.2 | EPSS 0.00224
Exploits: 1 | References: 2
Cvelist
added 2025/11/19 3:29 a.m. | 8 views

CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | EPSS 0.00242
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2005-3808

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.03563
Exploits: 1 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-9565

Malware in sbrugna...

CVSS 5.5 | AI score 5.5 | EPSS 0.0034
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-8205

Malware in sbrugna...

CVSS 7.1 | AI score 6.6 | EPSS 0.00452
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-2588

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.01215
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/25 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-3461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a bind mount via rename which could result in local privilege escalation. Mounting via rena...

CVSS 7 | AI score 6.7 | EPSS 0.00253
Exploits: 0 | References: 2
BDU FSTEC
added 2025/06/25 12:0 a.m. | 6 views

The vulnerability of the reiserfs_rename() function in the fs/reiserfs/namei.c module of the Linux file system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the reiserfs_rename() function in the fs/reiserfs/namei.c module of the Linux file system support module is related to improper locking of resources. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protecte...

CVSS 7.8 | AI score 6.5 | EPSS 0.00242
Exploits: 0 | References: 20 | Affected Software: 2