1098 matches found
CVE-2026-3888
A privilege escalation flaw has been discovered in snapd. This local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. Mitigation Mitigation...
USN-8102-2 snapd regression
USN-8102-1 fixed a vulnerability in snapd. The update caused a regresision for Ubuntu 24.04 LTS while installing the package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that snapd incorrectly handled certain operations in the...
EUVD-2026-12570
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS...
CVE-2026-3888 Local Privilege Escalation in snapd
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS...
CVE-2026-3888 Local Privilege Escalation in snapd
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS...
CVE-2026-3888
Summary: CVE-2026-3888 is a local privilege escalation in snapd on Linux, enabling a local attacker to gain root by re-creating snap’s private /tmp directory when systemd-tmpfiles cleans it. Affected software: snapd on Linux distributions listed by the initial description (Ubuntu 16.04 LTS, 18.04...
Linux Distros Unpatched Vulnerability : CVE-2026-3888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is...
Canonical Ubuntu Linux 安全漏洞
Canonical Ubuntu Linux is a set of Linux operating systems developed by the British company Canonical. Canonical Ubuntu Linux has security vulnerabilities. These vulnerabilities stem from the fact that snapd allows local attackers to re-create the private/tmp directories for snaps when...
Dagu: Path Traversal via `dagRunId` in Inline DAG Execution
Vulnerability Summary The dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as...
SUSE CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31979
CVE-2026-31979 affects Himmelblau’s daemon (himmelblaud-tasks) running as root. The issue arises prior to 3.1.0 and 2.3.8 where the daemon writes Kerberos cache files under /tmp/krb5cc_ without symlink protections, and after commit 87a51ee PrivateTmp was removed from the systemd hardening, exposi...
CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31979 himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31979 himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot
Summary A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...
Temporary path handling could write outside OpenClaw temp boundary
Summary Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. Affected Packages / Versions - Package: openclaw npm - Latest published version verified during triage: 2026.2.23 - Affected versions: = 2026.2.24 Detail...
SUSE-SU-2026:0765-1 Security update for smc-tools
This update for smc-tools fixes the following issues: Update to version 1.8.7 jscPED-14601. Security issues fixed: - VUL-1: smc-tools: predictable /tmp file allows for local denial of service bsc1230052, bsc1258495. Other updates and bugfixes: - smcrnics: fix regression when PFT not available -...
Intego Log Reporter 安全漏洞
Intego Log Reporter is a log collection and analysis tool developed by Intego. There is a security vulnerability in Intego Log Reporter. This vulnerability stems from diagnostic scripts executed with root privileges, which fail to enforce secure directory handling when creating and writing files ...