SUSE-SU-2026:1520-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.1.13-0 Update translation strings uyuni-tools: Version 5.1.26-0 Fix applying PTF with images from RPMs bsc1252548 Ssl Key file can miss if CA password is blank bsc1254154 mgrpxy ssh tuning should happens before crypto policies bsc1254619...

CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

EUVD-2025-74039

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

CVE-2025-11906

A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

PT-2025-44375

Name of the Vulnerable Software and Affected Versions Progress Flowmon versions prior to 12.5.6 Description A flaw exists in Progress Flowmon where system configuration files have incorrect file permissions. A user with access to the default flowmon system user account used for SSH access could...

EUVD-2019-6652

Malware in sbrugna...

EUVD-2020-3040

Malware in sbrugna...

SUSE-SU-2023:3945-1 Security update for postfix

This update for postfix fixes the following issues: Security fixes: - CVE-2023-32182: Fixed configpostfix SUSE specific script using potentially bad /tmp file bsc1211196. Other fixes: - postfix: config.postfix causes too tight permission on main.cf bsc1215372...

USN-6355-1 grub2-signed, grub2-unsigned, shim, and shim-signed vulnerability

Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this to circumvent secure boot protections. CVE-2021-3695 Daniel Axtens discovered that specially crafted images could cause out-of-bonds read and write. A local...

CVE-2020-17415

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

PT-2020-13124 · Grafana +4 · Grafana +4

Name of the Vulnerable Software and Affected Versions: Grafana versions 6.0.0 through 6.3.6 Grafana versions prior to 7.2.1 Description: The configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml are world readable, containing a secret key and a bind password. Recommendations: Fo...

CVE-2018-7581

\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions BUILTIN\Users:IDC, which allows local users to set a cleartext password and login as admin...

System: insecure config file permissions

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files...