32 matches found
CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter
OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk was set but...
Creation of Temporary File in Directory with Insecure Permissions
Overview: OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the ExperimentalOptions used in handling disk retry storage for telemetry data...
PT-2026-34503
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file (0644). In multi-user environments, this allows any user on the...
GHSA-597G-3PHW-6986 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Impact: TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...
EUVD-2021-13226
Malware in sbrugna...
EUVD-2023-25954
Malicious code in bioql PyPI...
EUVD-2025-31429
Malicious code in bioql PyPI...
EUVD-2024-30287
Malicious code in bioql PyPI...
CVE-2024-32478
Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system to replace the binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...
CVE-2025-47794 Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud...
AZL-40400 CVE-2024-34397 affecting package glib for versions less than 2.78.6-1
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...
Insufficiently Protected Credentials
github.com/schollz/croc is vulnerable to sensitive information disclosure via Insufficiently Protected Credentials. The vulnerability arises when users specify a custom shared secret via the command line, as it becomes visible on the host's process list for all local users. This can lead to...
git: Bypass of safe.directory protections
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...
OESA-2022-1676 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...
USN-5376-2 git vulnerability
USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run...
DEBIAN-CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operation...
Mcafee WebAdvisor Access Control Error Vulnerability
McAfee WebAdvisor, an organization of Mcafee, Inc. that evaluates Web site security, also refers to the services it provides. Attackers can use this vulnerability to obtain detailed information about McAfee WebAdvisor settings and user systems...
Mcafee WebAdvisor Access Control Error Vulnerability
McAfee WebAdvisor, an organization of Mcafee, Inc. that evaluates Web site security, also refers to the services it provides. Attackers can use this vulnerability to obtain detailed information about McAfee WebAdvisor settings and user systems...