Lucene search
+L

25 matches found

Fedora
Fedora
added 5 days ago7 views

[SECURITY] Fedora 43 Update: acl-2.4.0-1.fc43

This package contains the getfacl and setfacl utilities needed for manipulating access control lists...

8.4CVSS6.1AI score0.00142EPSS
Exploits0
Fedora
Fedora
added 2026/07/11 1:12 a.m.8 views

[SECURITY] Fedora 44 Update: acl-2.4.0-1.fc44

This package contains the getfacl and setfacl utilities needed for manipulating access control lists...

8.4CVSS6.1AI score0.00142EPSS
Exploits0
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.10 views

CVE-2026-54370

A time-of-check to time-of-use TOCTOU race condition vulnerability was found in acl. By replacing a pathname component with a symbolic link between a security check and subsequent file operations, an attacker can redirect file access control list operations. This occurs when privileged processes...

7.2CVSS5.7AI score0.00091EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 1:0 p.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview acl is a None Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition. in the getfacl or setfacl process. An attacker can gain unauthorized access to files or escalate privileges by exploiting a race condition where a symbolic link replaces a...

7.2CVSS5.8AI score0.00091EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/29 12:38 p.m.9 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0
EUVD
EUVD
added 2026/06/29 12:38 p.m.8 views

EUVD-2026-40086

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 12:38 p.m.56 views

CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-4378

Malware in sbrugna...

3.7CVSS6.1AI score0.00329EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.4 views

SUSE CVE-2009-4411

The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...

3.7CVSS6.9AI score0.00329EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.5 views

SUSE CVE-2010-2071

The btrfsxattrsetacl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl...

4.6CVSS6.4AI score0.00469EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/01 9:20 p.m.39 views

Security Bulletin: IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2015-7430)

Summary A security vulnerability has been identified in the IBM Spectrum Scale GPFS Hadoop connector which could allow an unprivileged user the ability to read, write, modify, or delete any data in a GPFS file system CVE-2015-7430 Vulnerability Details CVEID: CVE-2015-7430 DESCRIPTION: IBM Genera...

8.4CVSS0.4AI score0.00507EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/09/18 12:0 a.m.59 views

openSUSE Security Update : qemu (openSUSE-2017-1072)

This update for qemu fixes the following issues : Security issues fixed : - CVE-2017-10664: Fix DOS vulnerability in qemu-nbd bsc1046636 - CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support bsc1047674 - CVE-2017-11334: Fix OOB access during DMA operation...

7.5CVSS6.4AI score0.04028EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2015/02/11 12:0 a.m.86 views

RHEL 5 : kernel (RHSA-2015:0164)

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.2CVSS6.2AI score0.01176EPSS
Exploits2References3
Cvelist
Cvelist
added 2010/06/16 8:0 p.m.32 views

CVE-2010-2071

The btrfsxattrsetacl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl...

6.7AI score0.00469EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2010/06/16 12:0 a.m.29 views

CVE-2010-2071

The btrfsxattrsetacl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl...

4.6CVSS5.9AI score0.00469EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/02/02 12:0 a.m.21 views

openSUSE Security Update : acl (acl-1803)

the setfacl tool followed symbolic links in recursive -R mode even if the --physical -P option was specified CVE-2009-4411. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update acl-1803. The text...

3.7CVSS5.3AI score0.00329EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/02/02 12:0 a.m.27 views

openSUSE Security Update : acl (acl-1803)

the setfacl tool followed symbolic links in recursive -R mode even if the --physical -P option was specified CVE-2009-4411. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update acl-1803. The text...

3.7CVSS5.3AI score0.00329EPSS
Exploits0References2
securityvulns
securityvulns
added 2009/12/29 12:0 a.m.88 views

setfacl / getfacl symbolic links vulnerability

Symbolic links are followed on recursive operation...

3.7CVSS3.6AI score0.00329EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2009/12/24 4:30 p.m.27 views

CVE-2009-4411

The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...

3.7CVSS6AI score0.00329EPSS
Exploits0References1
Rows per page
Query Builder