25 matches found
Security update for kea
This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. CVE-2025-32803: Insecure file permissions can...
Oracle Linux 10 : kea (ELSA-2025-9178)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-9178 advisory. - Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
Fedora: Security Advisory (FEDORA-2025-dc6ec0a8e2)
The remote host is missing an update for the...
CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2025-32802 Insecure handling of file paths allows multiple local attacks
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2025-32802
creationtimestamp | type | source
---|---|---
2025-05-28 14:42:56+00:00 | seen | https://seclists.org/oss-sec/2025/q2/176
2025-05-28 15:24:20+00:00 | seen | https://seclists.org/oss-sec/2025/q2/177
2025-05-28 16:15:52+00:00 | seen | https://seclists.org/oss-sec/2025/q2/178
2025-05-28 16:25:37+00:00 | seen...
CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2022-32802
A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution...
less security update
458-10 - Fix CVE-2024-32487 - Resolves: RHEL-32802...
CVE-2024-32802
Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Better Messages: from n/a through 2.4.32...
WordPress BP Better Messages Plugin <= 2.4.32 is vulnerable to Broken Authentication
Software: BP Better Messages; Type: Plugin; Vulnerable versions: <= 2.4.32; Fixed in: 2.4.33; OWASP Top 10: A5: Security Misconfiguration; Classification: Broken Authentication; CVE: CVE-2024-32802; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: f9f66260d562; Credits: Ananda Dhakal...
CVE-2023-32802
creationtimestamp | type | source
---|---|---
2023-08-30 16:12:33+00:00 | seen | https://t.me/cibsecurity/69430...
CVE-2023-32802
CVE-2023-32802 affects WordPress/WooCommerce Pre-Orders plugin versions ≤ 1.9.0. It is an unauthenticated reflected XSS vulnerability in the pre-orders feature, permitting script execution when a crafted URL is visited by a user. Remediation: upgrade to a version > 1.9.0 (fixed in 2.0.0) or ap...
WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Pre-Orders; Type: Plugin; Vulnerable versions: <= 1.9.0; Fixed in: 2.0.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32802; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 410dcc0b8c9c; Credits: Rafie...
CVE-2022-32802
A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution...
CVE-2022-32802
A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution...
CVE-2022-32802
CVE-2022-32802 is Apple’s vulnerability described as a logic issue that could allow arbitrary code execution when processing a maliciously crafted file. It affects Apple platforms including iOS, iPadOS, tvOS, and macOS Monterey, with the fixed versions listed as iOS 15.6, iPadOS 15.6, tvOS 15.6, ...
macOS RawCamera Out-Of-Bounds Write Vulnerability
There is an out-of-bounds write vulnerability when decoding a certain flavor of RAW image files on macOS. The vulnerability has been confirmed on macOS 12.3.1. Although the advisory notes an attached poc, Google did not have one attached. MacOS: Out-of-bounds write in RawCamera There is an...
FIS GT.M Denial of Service Vulnerability (CNVD-2022-32802)
FIS GT.M is a database platform. A security vulnerability exists in versions prior to FIS GT.M V7.0-000, which can be exploited by an attacker to cause an integer underflow to the size of the memset call in opfnj3 in srport/opfnj3.c, resulting in a segmentation error and crashing the application...
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1255-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1255-1 advisory. - Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud...