
151 matches found

OSV
added 2022/05/16 8:2 a.m., 5 views

SUSE-SU-2022:1666-1 Security update for slurm

This update for slurm fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root bsc1199278. - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrar...

CVSS 9, AI score 8.8, EPSS 0.02474
Exploits 0, References 5

Packet Storm
added 2021/07/05 12:0 a.m., 271 views

Backdoor.Win32.Zombam.l Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9729e9fc004ea49d3c2ddee28736dae3B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.l Vulnerability: Unauthenticated URL Command Injection Description: Zombam...

AI score 7.4
Exploits 0

Ubuntu
added 2021/03/15 9:40 p.m., 34 views

USN-4808-1: Tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

CVSS 5.5, AI score 5.6, EPSS 0.00292
Exploits 0

Veracode
added 2020/04/10 12:16 a.m., 30 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as the Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and caus...

CVSS 4.7, AI score 0.7, EPSS 0.03298
Exploits 2, References 414, Affected Software 1

NVD
added 2019/11/20 3:15 p.m., 19 views

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...

CVSS 5.5, AI score 5.4, EPSS 0.00269
Exploits 0, References 2

CVE
added 2019/11/20 2:16 p.m., 69 views

CVE-2012-6136

CVE-2012-6136 affects the Linux tuned daemon (e.g., tuned 2.10.0) where the PID file is created with insecure permissions, enabling local users to kill arbitrary processes. Technical details across multiple advisories (SUSE, Debian/Ubuntu, Red Hat) confirm the same root cause and impact. Remediat...

CVSS 5.5, AI score 5.4, EPSS 0.00269
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2019/10/10 11:50 a.m., 23 views

CVE-2019-3805

A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...

CVSS 5.5, AI score 5.3, EPSS 0.0019
Exploits 0, References 3

RedHat Linux
added 2019/05/08 12:12 p.m., 2 views

wildfly: Race condition on PID file allows for termination of arbitrary processes by local users

A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...

CVSS 5.5, AI score 6, EPSS 0.0019
Exploits 0, References 4

OSV
added 2019/05/03 8:29 p.m., 15 views

CVE-2019-3805

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate a...

CVSS 4.7, AI score 7.1, EPSS 0.0019
Exploits 0, References 8

NVD
added 2019/05/03 8:29 p.m., 13 views

CVE-2019-3805

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate a...

CVSS 5.5, AI score 5, EPSS 0.0019
Exploits 0, References 8

Cvelist
added 2019/05/03 7:25 p.m., 18 views

CVE-2019-3805

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate a...

CVSS 5.5, AI score 5, EPSS 0.0019
Exploits 0, References 8

Lenovo
added 2019/04/17 7:20 p.m., 30 views

Dolby DAX2 API Denial of Service - Lenovo Support US

No description provided...

AI score 6.7
Exploits 0

OpenVAS
added 2019/03/06 12:0 a.m., 77 views

openSUSE: Security Advisory for supportutils (openSUSE-SU-2019:0293-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8, AI score 6, EPSS 0.00503
Exploits 0, References 2

Tenable Nessus
added 2019/03/06 12:0 a.m., 23 views

openSUSE Security Update : supportutils (openSUSE-2019-293)

This update for supportutils fixes the following issues : Security issues fixed : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...

CVSS 7.8, AI score 6.8, EPSS 0.00503
Exploits 0, References 17

NVD
added 2019/03/05 4:29 p.m., 20 views

CVE-2018-19640

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...

CVSS 5.5, AI score 4.7, EPSS 0.00301
Exploits 0, References 2

Cvelist
added 2019/03/05 4:0 p.m., 20 views

CVE-2018-19640 Code execution if run with command line switch -v

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...

CVSS 4.4, AI score 5.3, EPSS 0.00301
Exploits 0, References 2

CVE
added 2019/03/05 4:0 p.m., 137 views

CVE-2018-19640

CVE-2018-19640 affects the OpenSUSE/openSUSE/SUSE openSUSE hostinfo and supportutils up to versions before 3.1-5.7.1. The issue allows an attacker who can create files in the log-collection directory to kill arbitrary processes on the local machine. Root cause cited: manipulation of the log direc...

CVSS 5.5, AI score 5.1, EPSS 0.00301
Exploits 0, References 2, Affected Software 1

Zero Day Initiative
added 2019/01/19 12:0 a.m., 36 views

LAquis SCADA LGX Report ShellExecute Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.5, AI score 2.3, EPSS 0.02572
Exploits 0, References 1

Veracode
added 2019/01/15 8:52 a.m., 33 views

Denial Of Service (DoS)

openipmi is vulnerable to denial of service DoS attacks. The vulnerability exists as ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid...

CVSS 3.6, AI score 5.7, EPSS 0.00434
Exploits 0, References 22, Affected Software 2

Exploit DB
added 2018/12/11 12:0 a.m., 71 views

McAfee True Key - McAfee.TrueKey.Service Privilege Escalation

McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executi...

CVSS 7.8, AI score 7, EPSS 0.00813
Exploits 3