Lucene search
K

40 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-22573

Malware in sbrugna...

6.7CVSS6.5AI score0.00491EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-53943

Malicious code in bioql PyPI...

6.5CVSS7.8AI score0.00581EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/07 12:4 a.m.4 views

CVE-2025-54798 tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

2.5CVSS6.4AI score0.00331EPSS
Exploits1References3
CVE
CVE
added 2025/08/07 12:4 a.m.107 views

CVE-2025-54798

CVE-2025-54798 concerns the tmp package for Node.js. In versions 0.2.3 and earlier, it is vulnerable to arbitrary temporary file and directory writes via the symbolic link dir parameter. The issue is fixed in version 0.2.4; users should upgrade to 0.2.4 or later to mitigate. The connected IBM bul...

5.3CVSS6.5AI score0.00331EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/07/07 10:15 a.m.8 views

CVE-2025-3046

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5CVSS0.00555EPSS
Exploits1References2
CNVD
CNVD
added 2025/03/27 12:0 a.m.4 views

GNU GRUB Buffer Overflow Vulnerability (CNVD-2025-08310)

GNU GRUB is a Linux system boot program from the GNU community. A buffer overflow vulnerability exists in GNU GRUB. The vulnerability stems from the romsfs module containing an integer overflow issue when handling symbolic links, resulting in a heap-based out-of-bounds write when reading data. No...

6.4CVSS7.1AI score0.00253EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-41072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has...

8.1CVSS6.2AI score0.025EPSS
Exploits2References2
Amazon
Amazon
added 2025/01/22 12:0 a.m.7 views

Important: rsync

Issue Overview: A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data...

7.5CVSS5.8AI score0.09353EPSS
Exploits4
NVD
NVD
added 2025/01/14 6:15 p.m.6 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

7.5CVSS0.04575EPSS
Exploits0References11
OSV
OSV
added 2025/01/14 5:38 p.m.14 views

CVE-2024-12088 Rsync: --safe-links option bypass leads to path traversal

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

6.5CVSS7.1AI score0.72059EPSS
Exploits8References16
Debian CVE
Debian CVE
added 2025/01/14 5:38 p.m.9 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

7.5CVSS7.6AI score0.04575EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/12/19 11:19 p.m.29 views

K000149073: PostgreSQL vulnerabilities CVE-2021-3393, CVE-2015-5289, and CVE-2017-8806

Security Advisory Description CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose...

6.4CVSS6.6AI score0.05045EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.16 views

RHEL 6 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...

8.1AI score0.01706EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.31 views

RHEL 7 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...

7.5AI score0.01706EPSS
Exploits3References8
Amazon
Amazon
added 2024/04/02 12:0 a.m.2 views

Medium: rpm

Issue Overview: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data...

7.8CVSS7.3AI score0.00491EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/02/01 12:0 a.m.39 views

CentOS 8 : rpm (CESA-2024:0647)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0647 advisory. - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response ...

7.8CVSS6.6AI score0.00491EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2024/01/25 12:0 a.m.34 views

RHEL 9 : rpm (RHSA-2024:0453)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0453 advisory. The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and...

6.7CVSS6.9AI score0.00491EPSS
Exploits3References9
OpenVAS
OpenVAS
added 2023/01/12 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1174)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS7.4AI score0.00491EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2023/01/12 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1202)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS7.4AI score0.00491EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.42 views

EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2023-1174)

According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were...

7.8CVSS6.5AI score0.00491EPSS
Exploits3References4
Rows per page
Query Builder