Lucene search
+L

314 matches found

Oracle linux
Oracle linux
added 3 days ago5 views

rsync security, bug fix, and enhancement update

3.4.4-1 - Resolves: RHEL-181630 - Rebase rsync to version 3.4.4 - Resolves: RHEL-174929 - TOCTOU symlink race condition CVE-2026-29518 - Resolves: RHEL-174949 - Memory disclosure via int overflow CVE-2026-43618 3.4.1-3 - Resolves: RHEL-118549 - Do not clear DISPLAY unconditionally...

8.1CVSS6.1AI score0.0078EPSS
Exploits0
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-62294

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-62294

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS0.00101EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS0.00101EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-44675

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 12:16 p.m.11 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS0.00105EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-630 Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system...

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

7.2CVSS6.1AI score0.00136EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:30 p.m.6 views

CVE-2026-53765

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

6.1CVSS5.9AI score0.00077EPSS
Exploits1References2Affected Software1
Oracle linux
Oracle linux
added 2026/06/23 12:0 a.m.7 views

rsync security update

3.2.5-7.2 - Fix integer overflow in compressed-token decoding CVE-2026-43618 - Resolves: RHEL-174932 3.2.5-7.1 - Fix TOCTOU symlink race in daemon no-chroot mode CVE-2026-29518 - Resolves: RHEL-174952 3.2.5-4 - Resolves: RHEL-104404 - Do not clear DISPLAY unconditionally...

8.1CVSS5.9AI score0.0078EPSS
Exploits0
NVD
NVD
added 2026/06/18 8:16 p.m.16 views

CVE-2026-48983

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS0.00084EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 7:7 p.m.9 views

CVE-2026-48983

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS5.3AI score0.00084EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50784

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description A symlink race condition exists in the creation of per-device and per-user pad directories. The software employs a check-then-act pattern, where it calls lstat to verify existence and subsequently...

5.8CVSS5.9AI score0.00084EPSS
Exploits0References8
OSV
OSV
added 2026/06/17 12:3 p.m.7 views

RLSA-2026:26410 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

8.1CVSS5.5AI score0.0078EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 6:0 a.m.6 views

RLSA-2026:26408 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

8.1CVSS5.4AI score0.0078EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score0.00077EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/16 5:38 p.m.14 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/16 5:37 p.m.7 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/16 7:31 a.m.21 views

USN-8349-3: rsync regression

USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/06/16 7:31 a.m.6 views

USN-8349-3 rsync regression

USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...

8.1CVSS5.6AI score0.0078EPSS
Exploits1References2
Rows per page
Query Builder