10 matches found
Security update for nodejs22
This update for nodejs22 fixes the following issues: Security fixes: CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading to resource exhaustion bsc1256848 CVE-2026-21637: Fixed synchronous exceptions thrown during callbacks that bypass TLS error handling and causing denia...
EUVD-2011-3118
Malware in sbrugna...
Design/Logic Flaw
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem...
CVE-2011-3151
CVE-2011-3151 affects the Ubuntu SELinux initscript prior to version 1:0.10. The initscript uses touch to create a lockfile in a world-writable directory. If the kernel lacks symlink protections, an attacker could cause a zero-byte file to be allocated on any writable filesystem. This description...
CVE-2011-3151 SELinux initscript misuse of touch
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem...
CVE-2016-10089
A vulnerability was found in Nagios 4.2.4, and earlier, which allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Mitigation This flaw, and others like it, are mitigated by enabling hardlink and symlink protections. These...
[USN-2744-1] Apport vulnerability
========================================================================== Ubuntu Security Notice USN-2744-1 September 24, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu 14.04 LTS : Apport vulnerability (USN-2744-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2744-1 advisory. Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevat...
USN-2744-1 apport vulnerability
Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service...
CVE-2012-2120
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file...