CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27591
https://notcve.org/view.php?id=CVE-2025-27591
11 Mar 2025 — A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. • https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50050
https://notcve.org/view.php?id=CVE-2024-50050
23 Oct 2024 — Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead. • https://www.facebook.com/security/advisories/cve-2024-50050 •