10 matches found

Github Security Blog
added 2026/04/28 12:31 a.m., 4 views

Spring Boot's PID file write follows symlinks at predictable default path

When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...

CVSS 6.7, AI score 5.8, EPSS 0.0002
Exploits 0, References 3, Affected Software 1
OSV
added 2025/06/14 5:46 a.m., 5 views

BIT-GOLANG-2025-0913 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

CVSS 5.5, AI score 5.8, EPSS 0.0004
Exploits 0, References 5
OSV
added 2020/10/31 4:15 a.m., 3 views

CVE-2020-15703

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...

CVSS 3.3, AI score 5.8
Exploits 0, References 2
OSV
added 2020/09/24 12:0 a.m., 0 views

UBUNTU-CVE-2020-15703

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...

CVSS 4, AI score 5.8, EPSS 0.00044
Exploits 1, References 4
OPENSUSE Linux
added 2020/07/19 12:0 a.m., 54 views

Security update for singularity (important)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1011-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities ...

CVSS 7.5, AI score 7.3, EPSS 0.00368
Exploits 0, References 3
Tenable Nessus
added 2010/12/02 12:0 a.m., 38 views

SuSE 11 Security Update : MySQL (SAT Patch Number 2317)

Updated MySQL packages fix the following bugs : - upstream 47320 - checking server certificates. CVE-2009-4028 - upstream 48291 - error handling in subqueries. CVE-2009-4019 - upstream 47780 - preserving nullvalue flag in GeomFromWKB. CVE-2009-4019 - upstream 39277 - symlink behaviour fixed...

CVSS 6.8, AI score 6.7, EPSS 0.07665
Exploits 9, References 9
Tenable Nessus
added 2010/10/11 12:0 a.m., 44 views

SuSE 10 Security Update : MySQL (ZYPP Patch Number 6899)

This update fixes various security issues bnc557669 : upstream 47320 - checking server certificates CVE-2009-4028 upstream 48291 - error handling in subqueries CVE-2009-4019 upstream 47780 - preserving nullvalue flag in GeomFromWKB CVE-2009-4019 upstream 39277 - symlink behaviour fixed...

CVSS 7.5, AI score 7.4, EPSS 0.75816
Exploits 12, References 10
Tenable Nessus
added 2010/05/05 12:0 a.m., 29 views

openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)

Updated mysql packages fix the following bugs : - upstream 47320 - checking server certificates CVE-2009-4028 - upstream 48291 - error handling in subqueries CVE-2009-4019 - upstream 47780 - preserving nullvalue flag in GeomFromWKB CVE-2009-4019 - upstream 39277 - symlink behaviour fixed...

CVSS 6.8, AI score 6.8, EPSS 0.07665
Exploits 9, References 6
Tenable Nessus
added 2010/05/04 12:0 a.m., 35 views

openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)

This update fixes several security issues in mysql : - checking server certificates CVE-2009-4028 - error handling in subqueries CVE-2009-4019 - preserving nullvalue flag in GeomFromWKB CVE-2009-4019 - symlink behavior fixed CVE-2008-7247 - symlink behavior refixed CVE-2009-4030 %NASLMINLEVEL 703...

CVSS 6.8, AI score 6.8, EPSS 0.07665
Exploits 9, References 6
Tenable Nessus
added 2010/05/04 12:0 a.m., 40 views

openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)

This update fixes several security issues in mysql : - checking server certificates CVE-2009-4028 - error handling in subqueries CVE-2009-4019 - preserving nullvalue flag in GeomFromWKB CVE-2009-4019 - symlink behavior fixed CVE-2008-7247 - symlink behavior refixed CVE-2009-4030 %NASLMINLEVEL 703...

CVSS 6.8, AI score 6.8, EPSS 0.07665
Exploits 9, References 6