530 matches found

CNNVD
added 2025/04/02 12:0 a.m. | 2 views

Dell Wyse Management Suite WMS security vulnerability

Wyse Management Suite WMS is a cloud and local management platform from Dell, USA. Wyse Management Suite WMS suffers from an authorization issue vulnerability that stems from insecure inheritance permissions. No details of the vulnerability are provided at this time...

CVSS 6.8 | AI score 6.6 | EPSS 0.00069
Exploits: 0 | References: 2

SUSE Linux
added 2025/03/26 12:50 p.m. | 0 views

Security update for proftpd

This update for proftpd fixes the following issues: CVE-2024-57392: Fixed null pointer dereference vulnerability by sending a maliciously crafted message bsc1238143. CVE-2024-48651: Fixed supplemental group inheritance granting unintended access to GID 0 bsc1238141. Patch Instructions: To install...

CVSS 8.2 | AI score 6.8 | EPSS 0.36587
Exploits: 0 | References: 8

OSV
added 2025/03/26 12:50 p.m. | 6 views

SUSE-SU-2025:1028-1 Security update for proftpd

This update for proftpd fixes the following issues: - CVE-2024-57392: Fixed null pointer dereference vulnerability by sending a maliciously crafted message bsc1238143. - CVE-2024-48651: Fixed supplemental group inheritance granting unintended access to GID 0 bsc1238141...

CVSS 7.5 | AI score 7.1 | EPSS 0.36587
Exploits: 0 | References: 5

OSV
added 2025/02/25 3:13 p.m. | 1 view

USN-7297-1 ProFTPD vulnerabilities

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. CVE-2023-48795 Martin Mirchev discovered that...

CVSS 7.5 | AI score 6.9 | EPSS 0.70298
Exploits: 5 | References: 4

OSV
added 2025/02/18 3:15 a.m. | 2 views

DEBIAN-CVE-2025-1390

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”. During actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to...

CVSS 6.1 | AI score 6.4 | EPSS 0.00059
Exploits: 0 | References: 1

OSV
added 2025/02/18 3:15 a.m. | 2 views

AZL-57034 CVE-2025-1390 affecting package libcap for versions less than 2.69-2

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”. During actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to...

CVSS 6.1 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 1

Positive Technologies
added 2025/02/13 12:0 a.m. | 2 views

PT-2025-6914

Name of the Vulnerable Software and Affected Versions: libcap (affected versions not specified). Description: The PAM module pam_cap.so of libcap configuration incorrectly recognizes configurations not starting with "@" as group names, potentially leading to nonintended users being granted an...

CVSS 6.1 | AI score 6.5 | EPSS 0.00059
Exploits: 0 | References: 29

RedhatCVE
added 2025/02/05 2:16 a.m. | 2 views

CVE-2024-24747

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

CVSS 8.8 | AI score 6.5 | EPSS 0.27056
Exploits: 4 | References: 1

OpenVAS
added 2025/01/21 12:0 a.m. | 19 views

Mageia: Security Advisory (MGASA-2025-0015)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.1 | EPSS 0.36587
Exploits: 0 | References: 4

OSV
added 2025/01/20 6:21 p.m. | 8 views

MGASA-2025-0015 Updated proftpd packages fix security vulnerability

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. CVE-2024-48651...

CVSS 7.5 | AI score 7.4 | EPSS 0.36587
Exploits: 0 | References: 3

Mageia
added 2025/01/20 6:21 p.m. | 24 views

Updated proftpd packages fix security vulnerability

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. CVE-2024-48651...

CVSS 7.5 | AI score 6.8 | EPSS 0.36587
Exploits: 0 | References: 2

SUSE CVE
added 2025/01/10 12:21 a.m. | 1 view

SUSE CVE-2024-56665

In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog. Syzbot reported 1 crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf progra...

CVSS 5.5 | AI score 7.7 | EPSS 0.00021
Exploits: 0 | References: 13

OSV
added 2024/12/27 3:15 p.m. | 1 view

DEBIAN-CVE-2024-56665

In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog. Syzbot reported 1 crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf progra...

CVSS 5.5 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 1

OSV
added 2024/12/27 3:15 p.m. | 1 view

UBUNTU-CVE-2024-56665

In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog. Syzbot reported 1 crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf progra...

CVSS 5.5 | AI score 6.2 | EPSS 0.00021
Exploits: 0 | References: 21

SUSE CVE
added 2024/12/12 7:4 a.m. | 1 view

SUSE CVE-2024-43784

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...

CVSS 5.7 | AI score 6.9 | EPSS 0.00037
Exploits: 0 | References: 3

OSV
added 2024/11/29 5:15 a.m. | 1 view

DEBIAN-CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 5.2 | EPSS 0.36587
Exploits: 0 | References: 1

OSV
added 2024/11/29 5:15 a.m. | 8 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 3

OSV
added 2024/11/29 5:15 a.m. | 4 views

UBUNTU-CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 5.8 | EPSS 0.36587
Exploits: 0 | References: 5

Cvelist
added 2024/11/29 12:0 a.m. | 242 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

EPSS 0.36587
Exploits: 0 | References: 2

CVE
added 2024/11/29 12:0 a.m. | 281 views

CVE-2024-48651

CVE-2024-48651 affects ProFTPD up to 1.3.8b prior to the commit cec01cc, where supplemental group inheritance can grant unintended access to GID 0 due to the absence of supplemental groups from mod_sql. Nessus advisories and public references describe the issue in ProFTPD across multiple vendor a...

CVSS 7.5 | AI score 7 | EPSS 0.36587
Exploits: 0 | References: 3